Policie ČR

[Ikvous]

Dobrý den všem,
prosím o pomoc. Kolegyně mi sem přitáhla její notebook, že tam její přítel dělal "Bůh ví co" a teď jim tam skáče tolik oblíbená Policie ČR. Níže zasílám log z RSIT. Předem díky za pomoc.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Acer at 2013-04-23 17:52:04
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 119 GB (80%) free of 149 GB
Total RAM: 1980 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:52:44, on 23.4.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Vodafone\VMCLite\VodafoneVMCLiteLauncher.exe
C:\Users\Acer\Desktop\RSIT.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\trend micro\Acer.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\ctfmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [VodafoneVMCLiteLauncher] C:\Program Files\Vodafone\VMCLite\\VodafoneVMCLiteLauncher.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [T-Mobile CManager] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Vodafone VMC Lite Launcher.lnk = ?
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.ote-cr.cz
O15 - Trusted Zone: http://www.samsungsetup.com
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://portal.ote-cr.cz/otemarket/reso ... apicom.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0ABC0D27-1C1C-4434-B3C9-A872FB5D7B6F}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\..\{58521C52-A724-4BCB-82F8-702B52155E40}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC8BCD6F-3FCD-8FF4-3E67-6D55A2AD1275}: NameServer = 93.153.117.33 93.153.117.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

--
End of file - 6957 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\axgs9o1k.default

"{cb84136f-9c44-433a-9048-c5cd9df1dc16}"=C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23 1137784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23 1137784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"VodafoneVMCLiteLauncher"=C:\Program Files\Vodafone\VMCLite\\VodafoneVMCLiteLauncher.exe [2008-04-01 102400]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-04 98304]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2012-10-25 421888]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-04 151064]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2013-01-27 947152]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-08-18 1157640]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2013-02-20 152392]
"ISTray"=C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe [2012-11-01 2717816]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-04 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-04 174104]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-01-28 59720]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"T-Mobile CManager"=C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2013-03-11 2038552]
"ISUSPM"=C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2007-07-12 226904]
"iCloudServices"=C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [2012-12-17 59872]
"ApplePhotoStreams"=C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [2012-12-17 59872]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Vodafone VMC Lite Launcher.lnk - C:\Windows\Installer\{36DA8767-9BE9-4ACF-8679-958D6379F22C}\NewShortcut1_5E3003BD8B2446E5BEDC66B4435E8637.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-04 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-04-23 17:22:41 ----D---- C:\Program Files\trend micro
2013-04-23 17:22:40 ----D---- C:\rsit
2013-04-22 20:59:06 ----D---- C:\Windows\pss
2013-04-22 20:42:56 ----N---- C:\bootsqm.dat
2013-04-22 18:29:00 ----A---- C:\Windows\system32\drivers\PCTBD.sys
2013-04-22 18:28:56 ----A---- C:\Windows\BDTSupport.dll
2013-04-22 18:28:54 ----A---- C:\Windows\SGDetectionTool.dll
2013-04-22 18:28:51 ----A---- C:\Windows\PCTBDCore.dll
2013-04-22 18:28:50 ----A---- C:\Windows\PCTBDRes.dll
2013-04-22 18:27:51 ----A---- C:\Windows\system32\drivers\pctwfpfilter.sys
2013-04-22 18:27:51 ----A---- C:\Windows\system32\drivers\pctgntdi.sys
2013-04-22 18:27:46 ----A---- C:\Windows\system32\drivers\pctBTFix.sys
2013-04-22 18:27:28 ----A---- C:\Windows\system32\drivers\pctplsm.sys
2013-04-22 18:27:28 ----A---- C:\Windows\system32\drivers\pctplsg.sys
2013-04-22 18:26:19 ----D---- C:\Program Files\PC Tools
2013-04-22 18:22:50 ----A---- C:\Windows\system32\drivers\Cat.DB
2013-04-22 18:22:47 ----A---- C:\Windows\system32\drivers\pctEFA.sys
2013-04-22 18:22:47 ----A---- C:\Windows\system32\drivers\pctDS.sys
2013-04-22 18:22:43 ----A---- C:\Windows\system32\drivers\PCTCore.sys
2013-04-22 18:22:43 ----A---- C:\Windows\system32\drivers\PCTAppEvent.sys
2013-04-22 18:22:36 ----A---- C:\Windows\system32\drivers\PCTSD.sys
2013-04-22 18:22:31 ----D---- C:\Program Files\Common Files\PC Tools
2013-04-22 17:27:57 ----A---- C:\Windows\ntbtlog.txt
2013-04-22 17:24:54 ----AD---- C:\ProgramData\TEMP
2013-04-22 17:24:36 ----D---- C:\ProgramData\PC Tools
2013-04-22 17:24:32 ----D---- C:\Users\Acer\AppData\Roaming\TestApp
2013-04-22 13:07:33 ----A---- C:\Users\Acer\AppData\Roaming\AltShell.ini
2013-04-15 21:51:41 ----D---- C:\FloraHolland
2013-04-13 13:09:56 ----D---- C:\Program Files\Mozilla Firefox
2013-04-13 11:17:23 ----A---- C:\Windows\system32\vbscript.dll
2013-04-13 11:17:23 ----A---- C:\Windows\system32\mshtmled.dll
2013-04-13 11:17:22 ----A---- C:\Windows\system32\jsproxy.dll
2013-04-13 11:17:21 ----A---- C:\Windows\system32\ieui.dll
2013-04-13 11:17:20 ----A---- C:\Windows\system32\msfeeds.dll
2013-04-13 11:17:20 ----A---- C:\Windows\system32\ieUnatt.exe
2013-04-13 11:17:19 ----A---- C:\Windows\system32\wininet.dll
2013-04-13 11:17:19 ----A---- C:\Windows\system32\jscript.dll
2013-04-13 11:17:18 ----A---- C:\Windows\system32\url.dll
2013-04-13 11:17:18 ----A---- C:\Windows\system32\jscript9.dll
2013-04-13 11:17:17 ----A---- C:\Windows\system32\iertutil.dll
2013-04-13 11:17:15 ----A---- C:\Windows\system32\urlmon.dll
2013-04-13 11:17:12 ----A---- C:\Windows\system32\mshtml.dll
2013-04-13 11:17:12 ----A---- C:\Windows\system32\ieframe.dll
2013-04-11 16:47:42 ----A---- C:\Windows\system32\drivers\GEARAspiWDM.sys
2013-04-11 16:46:52 ----D---- C:\Program Files\iPod
2013-04-11 16:46:51 ----D---- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-04-11 16:46:51 ----D---- C:\Program Files\iTunes
2013-04-11 16:42:01 ----D---- C:\Program Files\QuickTime
2013-04-10 17:35:25 ----A---- C:\Windows\system32\win32k.sys
2013-04-10 17:35:24 ----A---- C:\Windows\system32\drivers\fvevol.sys
2013-04-10 17:35:22 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-04-10 17:35:21 ----A---- C:\Windows\system32\smss.exe
2013-04-10 17:35:21 ----A---- C:\Windows\system32\ntkrnlpa.exe
2013-04-10 17:35:21 ----A---- C:\Windows\system32\csrsrv.dll
2013-04-10 17:35:10 ----A---- C:\Windows\system32\drivers\ntfs.sys
2013-03-26 09:34:10 ----A---- C:\Windows\system32\drivers\usb8023.sys

======List of files/folders modified in the last 1 month======

2013-04-23 17:52:24 ----D---- C:\Windows\Temp
2013-04-23 17:51:43 ----RD---- C:\Program Files
2013-04-23 17:49:51 ----D---- C:\Windows\System32
2013-04-23 17:49:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-04-23 17:49:50 ----D---- C:\Windows\inf
2013-04-23 17:49:22 ----D---- C:\Windows\system32\config
2013-04-23 17:46:26 ----D---- C:\Windows
2013-04-23 17:42:37 ----D---- C:\Windows\tracing
2013-04-22 20:54:16 ----D---- C:\Windows\Prefetch
2013-04-22 20:51:52 ----SHD---- C:\System Volume Information
2013-04-22 18:29:00 ----D---- C:\Windows\system32\drivers
2013-04-22 18:26:43 ----SHD---- C:\Windows\Installer
2013-04-22 18:26:41 ----D---- C:\Windows\winsxs
2013-04-22 18:22:31 ----D---- C:\Program Files\Common Files
2013-04-22 17:24:54 ----HD---- C:\ProgramData
2013-04-22 12:50:02 ----D---- C:\Windows\system32\NDF
2013-04-20 01:01:59 ----D---- C:\Windows\Minidump
2013-04-19 18:55:41 ----D---- C:\Windows\system32\catroot2
2013-04-15 21:55:52 ----SD---- C:\Users\Acer\AppData\Roaming\Microsoft
2013-04-15 21:51:44 ----RSD---- C:\Windows\Fonts
2013-04-15 17:58:26 ----D---- C:\Windows\system32\LogFiles
2013-04-14 11:11:31 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-04-13 11:34:11 ----D---- C:\Windows\system32\migration
2013-04-13 11:34:10 ----D---- C:\Program Files\Internet Explorer
2013-04-13 11:17:38 ----D---- C:\Windows\system32\catroot
2013-04-13 11:14:47 ----A---- C:\Windows\system32\MRT.exe
2013-04-12 20:50:03 ----D---- C:\Users\Acer\AppData\Roaming\Apple Computer
2013-04-11 17:53:51 ----D---- C:\Windows\rescache
2013-04-11 16:47:42 ----DC---- C:\Windows\system32\DRVSTORE
2013-04-11 16:46:51 ----D---- C:\Program Files\Common Files\Apple
2013-04-11 16:44:36 ----D---- C:\Windows\system32\DriverStore
2013-04-10 22:55:02 ----D---- C:\Program Files\Full Tilt Poker
2013-04-02 12:33:22 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-01-20 195296]
R0 PCTCore;PCTools KDS; C:\Windows\system32\drivers\PCTCore.sys [2012-10-22 368616]
R0 pctDS;PC Tools Data Store; C:\Windows\system32\drivers\pctDS.sys [2012-02-28 342168]
R0 pctEFA;PC Tools Extended File Attributes; C:\Windows\system32\drivers\pctEFA.sys [2012-02-28 909728]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 pctgntdi;pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi.sys [2012-10-31 260760]
R1 PCTSD;PC Tools Spyware Doctor Driver; C:\Windows\System32\Drivers\PCTSD.sys [2012-11-01 202280]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2009-09-04 5174272]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2009-09-04 110080]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2009-03-26 21000]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2012-04-23 76544]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd32.sys [2009-09-04 5946368]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x86.sys [2009-07-14 50688]
R3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit; C:\Windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
R3 PCTBD;PC Tools Browser Defender Driver; C:\Windows\System32\Drivers\PCTBD.sys [2012-10-23 62688]
R3 pctplsm;pctplsm; \??\C:\Windows\System32\drivers\pctplsm.sys [2012-11-01 68272]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-09-04 5174272]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2012-04-23 95616]
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2012-04-23 27520]
S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [2012-04-23 202752]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-04 5946368]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl.sys [2012-03-26 18432]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2012-08-23 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-12-13 45056]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-09-04 172032]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-10-23 580728]
R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]
R2 MbnExt;Mobile Broadband Extension Service; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-01-27 20456]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe [2012-10-31 403416]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe [2012-11-01 1162360]
R2 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-24 2735528]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2013-02-20 553288]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 253656]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-04-13 115608]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-09-03 1343400]

-----------------EOF-----------------

[vyosek]

zdravim

Jedna se o jeji soukromy ntb nebo nejaky firemni\pracovni

[Ikvous]

Co já vím, tak by měl by být její/jeho soukromý (v práci má standardní PC).

[vyosek]

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ukoncete vsechny programy
• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Pockejte na dokonceni PreScanu
• Zvolte moznost Prohledat (scan)
• Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte
• Detailni postup vc. obrazku mate zde http://forum.viry.cz/viewtopic.php?f=24&t=120452

[Ikvous]

Chvíli to trvalo, ale log z RogueKiller je zde:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Acer [Práva správce]
Mód : Kontrola -- Datum : 04/23/2013 19:06:32
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[SUSP PATH] AltShell.dat -- C:\Users\Acer\AppData\Roaming\AltShell.dat [-] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 9 ¤¤¤
[SHELL][SUSP PATH] HKCU\[...]\Winlogon : shell (explorer.exe,C:\Users\Acer\AppData\Roaming\AltShell.dat) [-] -> NALEZENO
[SHELL][SUSP PATH] HKUS\S-1-5-21-137119653-3956785414-4148604313-1000[...]\Winlogon : shell (explorer.exe,C:\Users\Acer\AppData\Roaming\AltShell.dat) [-] -> NALEZENO
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{CC8BCD6F-3FCD-8FF4-3E67-6D55A2AD1275} : NameServer (93.153.117.33 93.153.117.1) -> NALEZENO
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{CC8BCD6F-3FCD-8FF4-3E67-6D55A2AD1275} : NameServer (93.153.117.33 93.153.117.1) -> NALEZENO
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{CC8BCD6F-3FCD-8FF4-3E67-6D55A2AD1275} : NameServer (93.153.117.33 93.153.117.1) -> NALEZENO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ] HKLM\[...]\System : EnableLUA (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543232L9A300 ATA Device +++++
--- User ---
[MBR] 669db4ab58980ff4a61f8cdedf17653b
[BSP] 1f095328dad467ac28c83edcc6d3035b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 148900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 305154048 | Size: 156243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ADATA USB Flash Drive USB Device +++++
--- User ---
[MBR] 3ab2ec9c3be94f23cee1cba8fb6f8c45
[BSP] a83a24340e59ea8cbbf2d8eaa19e98b0 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 30951 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[1]_S_04232013_02d1906.txt >>
RKreport[1]_S_04232013_02d1906.txt

[vyosek]

Spustte znovu RogueKiller

• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
• Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte

Stahnete Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/

• Ulozte nejlepe na Plochu a rozbalte
• Spustte kliknutim na mbanr
• Nyni postupne kliknete na Next a Update
• Po dokonceni update (aktualizace) databaze kliknete opet na Next
• Nechte zaskrtnute vsechny tri moznosti a klinete na Scan cimz spustite prohledavani PC
• Po dokonceni skenu (cca 5 minutek) zkontrolujte, zda-li je u vsech nalezu (samozrejme pokud budou) zatrzitko
• Tez zkontrolujte, jetsli je zatrzitko u Create Restore point
• Nyni kliknete na CleanUp cimz nalezenou infekci odstranime
• PC bude restartovan
• Slozka mbar by mela obsahovat log (a zrejme se i sam otevre) mbar-log-rok-mesic-den (hodina-minuta-sekunda).txt, ten mi sem dejte

[Ikvous]

Tak zatímco MBAR páchá své, tak přikládám logy z RogueKiller:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Acer [Práva správce]
Mód : Odebrat -- Datum : 04/23/2013 19:15:30
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 8 ¤¤¤
[SHELL][SUSP PATH] HKCU\[...]\Winlogon : shell (explorer.exe,C:\Users\Acer\AppData\Roaming\AltShell.dat) [-] -> VYMAZÁNO
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{CC8BCD6F-3FCD-8FF4-3E67-6D55A2AD1275} : NameServer (93.153.117.33 93.153.117.1) -> NEBYLO ODSTRANĚNO, POUŽIJTE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{CC8BCD6F-3FCD-8FF4-3E67-6D55A2AD1275} : NameServer (93.153.117.33 93.153.117.1) -> NEBYLO ODSTRANĚNO, POUŽIJTE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{CC8BCD6F-3FCD-8FF4-3E67-6D55A2AD1275} : NameServer (93.153.117.33 93.153.117.1) -> NEBYLO ODSTRANĚNO, POUŽIJTE DNSFIX
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRAZENO (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> NAHRAZENO (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543232L9A300 ATA Device +++++
--- User ---
[MBR] 669db4ab58980ff4a61f8cdedf17653b
[BSP] 1f095328dad467ac28c83edcc6d3035b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 148900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 305154048 | Size: 156243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[3]_D_04232013_02d1915.txt >>
RKreport[1]_S_04232013_02d1906.txt ; RKreport[2]_S_04232013_02d1913.txt ; RKreport[3]_D_04232013_02d1915.txt



RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Acer [Práva správce]
Mód : Oprava HOSTS -- Datum : 04/23/2013 19:16:35
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[4]_H_04232013_02d1916.txt >>
RKreport[1]_S_04232013_02d1906.txt ; RKreport[2]_S_04232013_02d1913.txt ; RKreport[3]_D_04232013_02d1915.txt ; RKreport[4]_H_04232013_02d1916.txt

[vyosek]

Pockam na MBAR

[Ikvous]

Trvalo to chvilku déle (nemám rád lidi, co mají tuny fotek na ploše), ale povedlo se:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.296000 GHz
Memory total: 2075959296, free: 1015095296

------------ Kernel report ------------
04/23/2013 19:19:00
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\pctDS.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\system32\drivers\PCTCore.sys
\SystemRoot\system32\drivers\pctEFA.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\??\C:\Windows\System32\drivers\pctgntdi.sys
\Device\Harddisk0\Partition2\Windows\system32\drivers\PctWfpFilter.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\System32\Drivers\PCTSD.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atipmdag.sys
\SystemRoot\system32\DRIVERS\igdpmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\L1C62x86.sys
\SystemRoot\system32\DRIVERS\NETw5s32.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\ew_jubusenum.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\System32\drivers\pctplsm.sys
\SystemRoot\System32\Drivers\PCTBD.sys
\SystemRoot\system32\drivers\WudfPf.sys
\??\C:\Windows\system32\drivers\TrueSight.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffffb701aac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007d\
Lower Device Object: 0xffffffffaf8cb1c8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8603e030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xffffffff85b62030
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.296000 GHz
Memory total: 2075959296, free: 1006211072

------------ Kernel report ------------
04/23/2013 19:19:11
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\pctDS.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\system32\drivers\PCTCore.sys
\SystemRoot\system32\drivers\pctEFA.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\??\C:\Windows\System32\drivers\pctgntdi.sys
\Device\Harddisk0\Partition2\Windows\system32\drivers\PctWfpFilter.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\System32\Drivers\PCTSD.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atipmdag.sys
\SystemRoot\system32\DRIVERS\igdpmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\L1C62x86.sys
\SystemRoot\system32\DRIVERS\NETw5s32.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\ew_jubusenum.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\System32\drivers\pctplsm.sys
\SystemRoot\System32\Drivers\PCTBD.sys
\SystemRoot\system32\drivers\WudfPf.sys
\??\C:\Windows\system32\drivers\TrueSight.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffffb701aac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007d\
Lower Device Object: 0xffffffffaf8cb1c8
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffffff855d66b8
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8603e030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xffffffff85b62030
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xffffffffc58f4048
Downloaded database version: v2013.04.23.05
Downloaded database version: v2013.04.22.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8603e030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8603d3d8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8603e030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8603d9c0, DeviceName: Unknown, DriverName: \Driver\PCTCore\
DevicePointer: 0xffffffff85b62030, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffb69f4570, 0xffffffff8603e030, 0xffffffffc589aac8
Lower DeviceData: 0xffffffff8b0b7c48, 0xffffffff85b62030, 0xffffffffc58f4048
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4F224F22

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 304947200

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 305154048 Numsec = 319985664

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Performing system, memory and registry scan...
Infected: c:\Users\Acer\AppData\Roaming\AltShell.dat --> [Trojan.Agent.ATS]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.296000 GHz
Memory total: 2075959296, free: 1264164864

Removal queue found; removal started
Removing c:\Users\Acer\AppData\Roaming\AltShell.dat...
Removal finished
=======================================

[Ikvous]

Jinak chování mi již přijde normální. Myslíte si, že jej takto mohu vrátit?

[vyosek]

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[Ikvous]

Tak přeci jen se něco našlo. Zasílám log z ComboFixu:

ComboFix 13-04-24.03 - Acer 24.04.2013 18:24:13.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1980.728 [GMT 2:00]
Spuštěný z: c:\users\Acer\Desktop\Oprava PC\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: PC Tools AntiVirus Free *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: PC Tools AntiVirus Free *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Acer\6937331.exe
c:\users\Acer\8221720.exe
c:\windows\PolicyDefinitions
c:\windows\PolicyDefinitions\cs-CZ\DeviceRedirection.adml
c:\windows\PolicyDefinitions\cs-CZ\EnhancedStorage.adml
c:\windows\PolicyDefinitions\cs-CZ\InetRes.adml
c:\windows\PolicyDefinitions\cs-CZ\NCSI.adml
c:\windows\PolicyDefinitions\cs-CZ\RacWmiProv.adml
c:\windows\PolicyDefinitions\cs-CZ\ReAgent.adml
c:\windows\PolicyDefinitions\cs-CZ\sdiageng.adml
c:\windows\PolicyDefinitions\cs-CZ\sdiagschd.adml
c:\windows\PolicyDefinitions\cs-CZ\Search.adml
c:\windows\PolicyDefinitions\cs-CZ\ShapeCollector.adml
c:\windows\PolicyDefinitions\cs-CZ\TerminalServer-WinIP.adml
c:\windows\PolicyDefinitions\cs-CZ\WindowsMediaDRM.adml
c:\windows\PolicyDefinitions\cs-CZ\WindowsMediaPlayer.adml
c:\windows\PolicyDefinitions\DeviceRedirection.admx
c:\windows\PolicyDefinitions\en-US\InetRes.adml
c:\windows\PolicyDefinitions\EnhancedStorage.admx
c:\windows\PolicyDefinitions\inetres.admx
c:\windows\PolicyDefinitions\NCSI.admx
c:\windows\PolicyDefinitions\RacWmiProv.admx
c:\windows\PolicyDefinitions\ReAgent.admx
c:\windows\PolicyDefinitions\sdiageng.admx
c:\windows\PolicyDefinitions\sdiagschd.admx
c:\windows\PolicyDefinitions\Search.admx
c:\windows\PolicyDefinitions\ShapeCollector.admx
c:\windows\PolicyDefinitions\Terminalserver-WinIP.admx
c:\windows\PolicyDefinitions\WindowsMediaDRM.admx
c:\windows\PolicyDefinitions\WindowsMediaPlayer.admx
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-24 do 2013-04-24 )))))))))))))))))))))))))))))))
.
.
2013-04-24 16:35 . 2013-04-24 16:39 -------- d-----w- c:\users\Acer\AppData\Local\temp
2013-04-24 16:35 . 2013-04-24 16:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-23 17:18 . 2013-04-23 17:18 -------- d-----w- c:\programdata\Malwarebytes
2013-04-23 17:12 . 2013-04-23 17:12 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2013-04-23 16:51 . 2013-04-23 16:50 706640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58155773-EB60-4F83-86C8-4B2AC611B012}\gapaengine.dll
2013-04-23 16:51 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6EC5066A-51C2-4F3F-AA30-834ADB54DA95}\mpengine.dll
2013-04-23 15:22 . 2013-04-23 15:52 -------- d-----w- c:\program files\trend micro
2013-04-23 15:22 . 2013-04-23 15:22 -------- d-----w- C:\rsit
2013-04-22 16:29 . 2012-10-23 15:40 62688 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2013-04-22 16:28 . 2012-10-23 15:40 769144 ----a-w- c:\windows\BDTSupport.dll
2013-04-22 16:28 . 2012-10-23 15:40 150648 ----a-w- c:\windows\SGDetectionTool.dll
2013-04-22 16:28 . 2012-10-23 15:40 2280568 ----a-w- c:\windows\PCTBDCore.dll
2013-04-22 16:28 . 2012-10-23 15:40 1690744 ----a-w- c:\windows\PCTBDRes.dll
2013-04-22 16:27 . 2012-10-31 12:21 178584 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2013-04-22 15:24 . 2013-04-22 15:24 -------- d-----w- c:\users\Acer\AppData\Roaming\TestApp
2013-04-22 11:07 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-15 19:51 . 2013-04-15 19:51 -------- d-----w- C:\FloraHolland
2013-04-11 14:47 . 2012-08-21 11:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-04-11 14:46 . 2013-04-11 14:46 -------- d-----w- c:\program files\iPod
2013-04-11 14:46 . 2013-04-11 14:47 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-04-11 14:46 . 2013-04-11 14:47 -------- d-----w- c:\program files\iTunes
2013-04-11 14:42 . 2013-04-11 14:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2013-04-11 14:42 . 2013-04-11 14:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-04-11 14:42 . 2013-04-11 14:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-04-11 14:42 . 2013-04-11 14:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-04-11 14:42 . 2013-04-11 14:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-04-11 14:42 . 2013-04-11 14:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-04-11 14:42 . 2013-04-11 14:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-04-11 14:42 . 2013-04-11 14:42 -------- d-----w- c:\program files\QuickTime
2013-04-10 15:35 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 15:35 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 15:35 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 15:35 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 15:35 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 15:35 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-10 15:35 . 2013-03-02 05:07 1212264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-26 07:34 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-02 10:33 . 2012-09-03 16:08 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-13 20:04 . 2012-09-03 17:52 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 20:04 . 2012-09-03 17:52 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-12 04:48 . 2013-03-14 19:09 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 19:09 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-13 11:10 . 2013-04-13 11:09 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-Mobile CManager"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2013-03-11 2038552]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VodafoneVMCLiteLauncher"="c:\program files\Vodafone\VMCLite\\VodafoneVMCLiteLauncher.exe" [2008-04-01 102400]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-04 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-04 151064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-18 1157640]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-04 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-04 174104]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Vodafone VMC Lite Launcher.lnk - c:\windows\Installer\{36DA8767-9BE9-4ACF-8679-958D6379F22C}\NewShortcut1_5E3003BD8B2446E5BEDC66B4435E8637.exe [2012-11-4 65536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 pctplsm;pctplsm;c:\windows\System32\drivers\pctplsm.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 MbnExt;Mobile Broadband Extension Service;c:\windows\system32\svchost.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
GPSvcGroup REG_MULTI_SZ GPSvc
MbnExt REG_MULTI_SZ MbnExt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 20:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: ote-cr.cz\portal
Trusted Zone: ote-cr.cz\www
Trusted Zone: postsignum.cz\www
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.100.1
TCP: Interfaces\{CC8BCD6F-3FCD-8FF4-3E67-6D55A2AD1275}: NameServer = 93.153.117.33 93.153.117.1
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\axgs9o1k.default\
FF - ExtSQL: 2013-04-22 18:29; {cb84136f-9c44-433a-9048-c5cd9df1dc16}; c:\program files\PC Tools\PC Tools Security\BDT\Firefox
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-04-24 18:44:04
ComboFix-quarantined-files.txt 2013-04-24 16:44
.
Před spuštěním: Volných bajtů: 123 314 814 976
Po spuštění: Volných bajtů: 123 362 734 080
.
- - End Of File - - 71A248B99608D066E76A1B3BB08005BC

[vyosek]

Odinstalujte PC Tools AntiVirus Free

Stahnete SecurityCheck http://screen317.spywareinfoforum.org/SecurityCheck.exe

• Ulozte nejlepe na Plochu
• Spustte tradicne dvouklikem a postupujte dle pokynu utility
• Po dokonceni skenu se vytvori a otevre log, ten mi sem vlozte

[Ikvous]

Tak log zde:


Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (20.0.1)
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

[vyosek]

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Prohledat
• Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte