Problém so spustením RSIT

Zpráva

enigma8877 · #1 Příspěvek od **enigma8877** » 06 kvě 2013 18:51

Zdravím, mám problém so spustením RSIT. Stiahol som si ho a po inštalácií, pri spustení HiJackThis mi vyskočí toto okno:

Obrázek

V čom môže byť problém? Vďaka za radu.

#2 Příspěvek od **Rudy** » 06 kvě 2013 19:59

Zdravím!
Zkuste spustit jako správce.

enigma8877 · #3 Příspěvek od **enigma8877** » 06 kvě 2013 20:17

Skúsil som to, ale nepomohlo.

#4 Příspěvek od **Rudy** » 06 kvě 2013 20:27

Zkuste přejmenovat třeba na xyz.exe a spustit.

enigma8877 · #5 Příspěvek od **enigma8877** » 07 kvě 2013 16:39

Nepomohlo, ani premenovanie súboru.

#6 Příspěvek od **Rudy** » 07 kvě 2013 17:14

Pravděpodobně tam máte nějakého šmejda. Udělejte sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

enigma8877 · #7 Příspěvek od **enigma8877** » 09 kvě 2013 16:12

Tu je log z MAM:

Ten disk J, kde našlo nejaké šmejdy je externý disk, ktorý som pripojil k NB kvôli kontrole.

Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org

Verzia databázy: v2013.05.09.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
Admin :: PC [administrátor]

9. 5. 2013 14:50:21
MBAM-log-2013-05-09 (17-10-59).txt

Typ kontroly: Úplná kontrola (C:\|D:\|E:\|J:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 472066
Uplynutý čas: 2 hod, 19 min, 9 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 4
J:\Inštalačky\Dokumenty\ABBYY PDF Transformer 3.0+crack\ABBYY_PDF_Transformer_3.0_Crack.zip (PUP.Hacktool.Patcher) -> Žiadna úloha nevykonaná.
J:\Inštalačky\Dokumenty\ABBYY PDF Transformer 3.0+crack\ABBYY PDF Transformer 3.0 Crack\Crack\3.0.100.216\3.0.100.216.exe (PUP.Hacktool.Patcher) -> Žiadna úloha nevykonaná.
J:\Inštalačky\Dokumenty\MS Office 2010\Aktivátor\Aktivátor.exe (RiskWare.Tool.CK) -> Žiadna úloha nevykonaná.
J:\Inštalačky\Filmy a hudba\SOny_Vegas.8_Full_Cz\Keygen.exe (RiskWare.Tool.CK) -> Žiadna úloha nevykonaná.

(koniec)

#8 Příspěvek od **Rudy** » 09 kvě 2013 18:20

Ještě poprosím o log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

enigma8877 · #9 Příspěvek od **enigma8877** » 09 kvě 2013 19:22

Combofix log:

ComboFix 13-05-09.01 - Admin . 05. 2013 20:08:18.1.2 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.421.1051.18.1977.1010 [GMT 2:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-04-09 to 2013-05-09 )))))))))))))))))))))))))))))))
.
.
2013-05-09 18:17 . 2013-05-09 18:17 -------- d-----w- c:\users\Admin\AppData\Local\temp
2013-05-09 18:17 . 2013-05-09 18:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-09 18:11 . 2013-05-09 18:11 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45DA6706-44FF-40C0-B14F-2ED50B6F472F}\offreg.dll
2013-05-09 09:17 . 2013-05-09 09:17 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2013-05-09 09:16 . 2013-05-09 09:16 -------- d-----w- c:\programdata\Malwarebytes
2013-05-09 09:16 . 2013-05-09 09:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-09 09:16 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-09 09:16 . 2013-05-09 09:16 -------- d-----w- c:\users\Admin\AppData\Local\Programs
2013-05-08 09:47 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45DA6706-44FF-40C0-B14F-2ED50B6F472F}\mpengine.dll
2013-05-06 11:44 . 2013-05-07 15:38 -------- d-----w- c:\program files\trend micro
2013-05-06 11:44 . 2013-05-06 11:44 -------- d-----w- C:\rsit
2013-04-23 22:21 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-16 16:25 . 2013-04-16 16:25 -------- d-----w- c:\program files\Common Files\Skype
2013-04-10 05:41 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 05:41 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 05:41 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 05:41 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 05:41 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-10 05:41 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 00:06 . 2009-10-21 13:19 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-05 08:02 . 2013-04-05 08:02 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-05 08:02 . 2013-04-05 08:02 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-04-05 08:02 . 2013-04-05 08:02 158720 ----a-w- c:\windows\system32\msls31.dll
2013-04-05 08:02 . 2013-04-05 08:02 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-05 08:02 . 2013-04-05 08:02 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-05 08:02 . 2013-04-05 08:02 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-04-05 08:02 . 2013-04-05 08:02 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-04-05 08:02 . 2013-04-05 08:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-05 08:02 . 2013-04-05 08:02 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-04-05 08:02 . 2013-04-05 08:02 361984 ----a-w- c:\windows\system32\html.iec
2013-04-05 08:02 . 2013-04-05 08:02 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-05 08:02 . 2013-04-05 08:02 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-04-05 08:02 . 2013-04-05 08:02 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-05 08:02 . 2013-04-05 08:02 138752 ----a-w- c:\windows\system32\wextract.exe
2013-04-05 08:02 . 2013-04-05 08:02 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-05 08:02 . 2013-04-05 08:02 12800 ----a-w- c:\windows\system32\mshta.exe
2013-04-05 08:02 . 2013-04-05 08:02 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2013-02-12 04:48 . 2013-03-13 02:55 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 02:55 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32 . 2013-03-17 21:06 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-04-17 06:30 . 2013-04-17 06:29 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 19:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chromium]
2013-04-09 08:57 1312720 ----a-w- c:\users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b]
2004-06-22 23:15 729088 ----a-w- d:\corel draw 12\Languages\CZ\Programs\registration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2009-09-11 05:23 2054360 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2011-01-24 16:35 233936 ----a-w- c:\windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-11-18 09:44 136176 ----atw- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-02 17:18 167424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-02 17:18 135168 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallShieldSetup]
2012-02-23 19:38 300592 ----a-w- c:\progra~1\INSTAL~1\{6811C~1\Setup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2010-07-21 15:52 1797008 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 05:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 05:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-02 17:18 144384 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-03-01 10:16 18643560 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2013-04-06 15:41 1043536 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Unlocker]
2012-06-13 15:53 1688008 ----a-r- c:\program files\Western Digital\WD Security\WDDriveAutoUnlock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Quick View]
2012-06-14 09:58 5235128 ----a-r- c:\program files\Western Digital\WD Quick View\WDDMStatus.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 – Licenčná služba;c:\program files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 WDBackup;WD Backup;c:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S2 WDRulesService;WD Rules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-18 09:44]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-18 09:44]
.
2013-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2331469836-2150878694-3527533434-1000Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 09:44]
.
2013-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2331469836-2150878694-3527533434-1000UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 09:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = ftp=squid.ku.sk:3128;http=squid.ku.sk:3128;https=squid.ku.sk:3128;socks=squid.ku.sk:3128
uInternet Settings,ProxyOverride = localhost;127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Previesť cieľ odkazu do formátu Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Previesť do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridať cieľ odkazu do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Pridať do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
TCP: DhcpNameServer = 10.125.254.254 192.168.1.1
DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} - hxxp://pulzradio.ku.sk/RtspVaPgDec.cab
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ee2mx0ri.default\
FF - prefs.js: browser.startup.homepage - google.sk
FF - prefs.js: network.proxy.ftp - squid.ku.sk
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - squid.ku.sk
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - squid.ku.sk
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - squid.ku.sk
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - squid.ku.sk
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-REGSHAVE - c:\program files\REGSHAVE\REGSHAVE.EXE
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-26_VIA_driver2 - c:\program files\Samsung\USB Drivers\26_VIA_driver2\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-09 20:20:41
ComboFix-quarantined-files.txt 2013-05-09 18:20
.
Pre-Run: 7 132 110 848 bytes free
Post-Run: 7 030 263 808 bytes free
.
- - End Of File - - D6BAAD80F7BDE4046C5D946834707FE7

#10 Příspěvek od **Rudy** » 09 kvě 2013 20:02

Mohl byste mi vysvětlit, jak jste přišel k operačnímu systému ve verzi Enterprise? Tato verze není běžně dostupná. Buď není legální, nebo se jedná o firemní PC. Ani v jednom případě zde toto neřešíme. Viz pravidla: http://forum.viry.cz/viewtopic.php?f=12&t=5601 .

enigma8877 · #11 Příspěvek od **enigma8877** » 09 kvě 2013 20:38

NB mám dočasne zapožičaný zo školy, keďže som PhD. študent, čiže sa nejedná o nelegálny softwer.
A keďže som zaň momentálne osobne zodpovedný, tak som sa rozhodol riešiť pomocou cez toto fórum.
Môžete mi s ohľadom na tieto skutočnosti pomôcť? Bol by som ozaj vďačný.

#12 Příspěvek od **Rudy** » 09 kvě 2013 21:26

Dejme tomu, že to tak je. Kdybych byl správcem výpočetní techniky ve vzdělávací instituci, určitě bych nebyl moc nadšený z nainstalovaného P2P klienta. Ale to není moje věc, to jen na okraj. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2331469836-2150878694-3527533434-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2331469836-2150878694-3527533434-1000UA.job

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallShieldSetup]

RegLocK::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte.CF se spustí a vykoná příkazy ze skriptu.

Obrázek

enigma8877 · #13 Příspěvek od **enigma8877** » 09 kvě 2013 22:48

Vďaka za pomoc, cením si to. Tu je výsledný log z Combofixu (ak je ešte potrebný).

ComboFix 13-05-09.01 - Admin . 05. 2013 23:26:22.2.2 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.421.1051.18.1977.1004 [GMT 2:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
Command switches used :: c:\users\Admin\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2331469836-2150878694-3527533434-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2331469836-2150878694-3527533434-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\muzapp.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2331469836-2150878694-3527533434-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2331469836-2150878694-3527533434-1000UA.job
.
.
((((((((((((((((((((((((( Files Created from 2013-04-09 to 2013-05-09 )))))))))))))))))))))))))))))))
.
.
2013-05-09 21:34 . 2013-05-09 21:36 -------- d-----w- c:\users\Admin\AppData\Local\temp
2013-05-09 21:34 . 2013-05-09 21:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-09 18:11 . 2013-05-09 18:11 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45DA6706-44FF-40C0-B14F-2ED50B6F472F}\offreg.dll
2013-05-09 09:17 . 2013-05-09 09:17 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2013-05-09 09:16 . 2013-05-09 09:16 -------- d-----w- c:\programdata\Malwarebytes
2013-05-09 09:16 . 2013-05-09 09:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-09 09:16 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-09 09:16 . 2013-05-09 09:16 -------- d-----w- c:\users\Admin\AppData\Local\Programs
2013-05-08 09:47 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45DA6706-44FF-40C0-B14F-2ED50B6F472F}\mpengine.dll
2013-05-06 11:44 . 2013-05-07 15:38 -------- d-----w- c:\program files\trend micro
2013-05-06 11:44 . 2013-05-06 11:44 -------- d-----w- C:\rsit
2013-04-23 22:21 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-16 16:25 . 2013-04-16 16:25 -------- d-----w- c:\program files\Common Files\Skype
2013-04-10 05:41 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 05:41 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 05:41 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 05:41 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 05:41 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-10 05:41 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 00:06 . 2009-10-21 13:19 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-05 08:02 . 2013-04-05 08:02 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-05 08:02 . 2013-04-05 08:02 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-04-05 08:02 . 2013-04-05 08:02 158720 ----a-w- c:\windows\system32\msls31.dll
2013-04-05 08:02 . 2013-04-05 08:02 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-05 08:02 . 2013-04-05 08:02 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-05 08:02 . 2013-04-05 08:02 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-04-05 08:02 . 2013-04-05 08:02 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-04-05 08:02 . 2013-04-05 08:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-05 08:02 . 2013-04-05 08:02 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-04-05 08:02 . 2013-04-05 08:02 361984 ----a-w- c:\windows\system32\html.iec
2013-04-05 08:02 . 2013-04-05 08:02 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-05 08:02 . 2013-04-05 08:02 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-04-05 08:02 . 2013-04-05 08:02 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-05 08:02 . 2013-04-05 08:02 138752 ----a-w- c:\windows\system32\wextract.exe
2013-04-05 08:02 . 2013-04-05 08:02 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-05 08:02 . 2013-04-05 08:02 12800 ----a-w- c:\windows\system32\mshta.exe
2013-04-05 08:02 . 2013-04-05 08:02 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2013-02-12 04:48 . 2013-03-13 02:55 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 02:55 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32 . 2013-03-17 21:06 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-04-17 06:30 . 2013-04-17 06:29 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 19:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chromium]
2013-04-09 08:57 1312720 ----a-w- c:\users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b]
2004-06-22 23:15 729088 ----a-w- d:\corel draw 12\Languages\CZ\Programs\registration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2009-09-11 05:23 2054360 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2011-01-24 16:35 233936 ----a-w- c:\windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-11-18 09:44 136176 ----atw- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-02 17:18 167424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-02 17:18 135168 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2010-07-21 15:52 1797008 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 05:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 05:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-02 17:18 144384 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-03-01 10:16 18643560 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2013-04-06 15:41 1043536 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Unlocker]
2012-06-13 15:53 1688008 ----a-r- c:\program files\Western Digital\WD Security\WDDriveAutoUnlock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Quick View]
2012-06-14 09:58 5235128 ----a-r- c:\program files\Western Digital\WD Quick View\WDDMStatus.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 – Licenčná služba;c:\program files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 WDBackup;WD Backup;c:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S2 WDRulesService;WD Rules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = ftp=squid.ku.sk:3128;http=squid.ku.sk:3128;https=squid.ku.sk:3128;socks=squid.ku.sk:3128
uInternet Settings,ProxyOverride = localhost;127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Previesť cieľ odkazu do formátu Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Previesť do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridať cieľ odkazu do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Pridať do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
TCP: DhcpNameServer = 10.125.254.254 192.168.1.1
DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} - hxxp://pulzradio.ku.sk/RtspVaPgDec.cab
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ee2mx0ri.default\
FF - prefs.js: browser.startup.homepage - google.sk
FF - prefs.js: network.proxy.ftp - squid.ku.sk
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - squid.ku.sk
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - squid.ku.sk
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - squid.ku.sk
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - squid.ku.sk
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3956)
c:\program files\TeamViewer\Version7\tv_w32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\conhost.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\sppsvc.exe
c:\program files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2013-05-09 23:40:55 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-09 21:40
ComboFix2.txt 2013-05-09 18:20
.
Pre-Run: 7 087 431 680 bytes free
Post-Run: 7 037 374 464 bytes free
.
- - End Of File - - 7D0B2328D7AA1D03F3A66AC13FAC063B

#14 Příspěvek od **Rudy** » 10 kvě 2013 16:20

Log již vypadá OK. Nastala nějaká změna?

enigma8877 · #15 Příspěvek od **enigma8877** » 10 kvě 2013 22:01

Bohužiaľ, problém pretrváva i naďalej. RSIT sa nedá spustiť a vyhadzuje "AutoIt Error".

VIRY.CZ

Problém so spustením RSIT

Problém so spustením RSIT

Re: Problém so spustením RSIT

Re: Problém so spustením RSIT

Re: Problém so spustením RSIT

Re: Problém so spustením RSIT

Re: Problém so spustením RSIT

Re: Problém so spustením RSIT

Re: Problém so spustením RSIT

Re: Problém so spustením RSIT

Re: Problém so spustením RSIT

Re: Problém so spustením RSIT

Re: Problém so spustením RSIT

Re: Problém so spustením RSIT

Re: Problém so spustením RSIT

Re: Problém so spustením RSIT