Logfile of random's system information tool 1.06 (written by random/random)
Run by JURA at 2010-02-25 22:26:19
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 89 GB (59%) free of 153 GB
Total RAM: 3036 MB (42% free)
HijackThis download failed
======Scheduled tasks folder======
C:\Windows\tasks\User_Feed_Synchronization-{C4B3BD68-4DD4-44A6-AC7E-6762731A80AF}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\progra~1\mcafee\msk\mskapbho.dll [2009-12-21 245272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100224092118.dll [2010-01-05 73288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\progra~1\mcafee\sitead~1\mcieplg.dll [2009-12-14 204048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2009-12-22 2166296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2009-12-22 2166296]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\progra~1\mcafee\sitead~1\mcieplg.dll [2009-12-14 204048]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"=C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [2008-07-19 104936]
"P2Go_Menu"=C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-14 210216]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-03-05 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-03-05 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-03-05 150552]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2009-03-23 17149952]
"HControlUser"=C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [2008-08-18 98304]
"ATKOSD2"=C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [2009-03-04 8392704]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMedia.exe [2008-12-29 159744]
"ADSMTray"=C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe [2008-04-01 266240]
"ACMON"=C:\Program Files\ASUS\Splendid\ACMON.exe [2008-10-01 851968]
"Wireless Console 3"=C:\Program Files\ASUS\Wireless Console 3\wcourier.exe [2009-02-07 1593344]
"ASUS Screen Saver Protector"=C:\Windows\AsScrPro.exe [2009-07-27 3054136]
"ASUS Camera ScreenSaver"=C:\Windows\AsScrProlog.exe [2009-07-27 47672]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-03-06 424352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"reset"=regedit /s reset.reg []
"lxbkbmgr.exe"=C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2008-02-28 74408]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-02-03 1179952]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"=C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe [2009-03-20 3261688]
"Seznam Postak"=C:\Users\JURA\AppData\Local\Seznam.cz\postak.exe [2010-01-18 448664]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
FancyStart daemon.lnk - C:\Windows\Installer\{567C654B-7FE9-4970-8323-56E8191D1941}\_71A97E24F422AA49EDBF39.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-02-26 210432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
"{32CD708B-60A7-4C00-9377-D73EAA495F0F}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d737a85-b4e9-11de-b941-0026188d1467}]
shell\AutoRun\command - nds0q.exe
shell\open\command - nds0q.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7654bf6-040a-11df-a09d-0026188d1467}]
shell\AutoRun\command - G:\nds0q.exe
shell\open\command - G:\nds0q.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{deae7454-13b4-11df-acb2-0026188d1467}]
shell\AutoRun\command - nds0q.exe
shell\open\command - nds0q.exe
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-02-25 22:26:19 ----D---- C:\rsit
2010-02-25 22:26:19 ----D---- C:\Program Files\trend micro
2010-02-25 14:03:47 ----D---- C:\Program Files\Pyro Studios
2010-02-25 12:18:20 ----D---- C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2010-02-25 12:18:20 ----D---- C:\Program Files\FireSky
2010-02-25 12:17:31 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-02-25 12:17:31 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-02-25 12:17:29 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-02-24 22:00:23 ----D---- C:\Program Files\Adobe
2010-02-24 09:20:52 ----D---- C:\Program Files\McAfee.com
2010-02-23 20:40:35 ----A---- C:\Windows\system32\jscript.dll
2010-02-23 20:40:19 ----A---- C:\Windows\system32\tzres.dll
2010-02-23 20:39:38 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-23 20:39:38 ----A---- C:\Windows\system32\secproc.dll
2010-02-23 20:39:37 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-23 20:39:36 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-23 20:39:36 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-23 20:39:36 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-23 20:39:36 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-23 20:39:36 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-23 20:39:36 ----A---- C:\Windows\system32\msdrm.dll
2010-02-23 20:39:32 ----A---- C:\Windows\system32\gameux.dll
2010-02-23 20:39:31 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-23 20:39:30 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-23 16:32:00 ----D---- C:\Users\JURA\AppData\Roaming\Feuerwache
2010-02-23 13:00:31 ----D---- C:\Program Files\McAfeeMOBK
2010-02-23 13:00:22 ----D---- C:\Program Files\McAfee Online Backup
2010-02-23 12:35:23 ----D---- C:\Program Files\Common Files\Mcafee
2010-02-23 12:21:48 ----D---- C:\Users\JURA\AppData\Roaming\McAfee
2010-02-23 11:22:37 ----D---- C:\ProgramData\SiteAdvisor
2010-02-23 11:19:19 ----D---- C:\Program Files\McAfee
2010-02-23 11:17:01 ----D---- C:\ProgramData\McAfee
2010-02-20 14:51:21 ----D---- C:\Program Files\Common Files\BioWare
2010-02-18 09:05:39 ----D---- C:\Program Files\Ask.com
2010-02-18 09:05:37 ----D---- C:\Users\JURA\AppData\Roaming\BitTorrent
2010-02-18 09:05:32 ----D---- C:\Program Files\BitTorrent
2010-02-17 08:41:55 ----D---- C:\Users\JURA\AppData\Roaming\Azureus
2010-02-15 10:30:50 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-02-15 10:30:50 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-02-15 10:30:49 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-02-15 10:30:47 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-02-15 10:30:46 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-02-15 10:30:45 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-02-15 10:30:44 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-02-15 10:30:43 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-02-15 10:30:43 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-02-15 10:30:43 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-02-15 10:30:43 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-02-15 10:30:43 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-02-15 10:30:43 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-02-15 10:18:48 ----D---- C:\Program Files\bitComposer Games
2010-02-13 18:43:53 ----D---- C:\Program Files\Nuganics
2010-02-10 08:56:45 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-10 08:56:44 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-10 08:56:35 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 08:56:35 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 08:56:35 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 08:56:35 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 08:56:35 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 08:56:35 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 08:56:35 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 08:56:35 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 08:56:34 ----A---- C:\Windows\system32\avifil32.dll
2010-02-09 23:03:27 ----D---- C:\Program Files\Free Fire Screensaver
2010-02-09 23:03:17 ----D---- C:\Users\JURA\AppData\Roaming\Laconic Software
2010-02-09 22:43:15 ----D---- C:\Program Files\Dream Aquarium
2010-02-08 19:47:30 ----D---- C:\temp
2010-02-08 19:44:22 ----A---- C:\Windows\Lexstat.ini
2010-02-08 19:42:53 ----D---- C:\Program Files\Lexmark X1100 Series
2010-02-08 19:42:43 ----A---- C:\Windows\system32\lxbkutil.dll
2010-02-08 19:42:43 ----A---- C:\Windows\system32\lxbkusb1.dll
2010-02-08 19:42:43 ----A---- C:\Windows\system32\lxbkserv.dll
2010-02-08 19:42:43 ----A---- C:\Windows\system32\lxbkprox.dll
2010-02-08 19:42:43 ----A---- C:\Windows\system32\lxbkpplc.dll
2010-02-08 19:42:43 ----A---- C:\Windows\system32\lxbkpmui.dll
2010-02-08 19:42:43 ----A---- C:\Windows\system32\lxbklmpm.dll
2010-02-08 19:42:43 ----A---- C:\Windows\system32\lxbkjswr.dll
2010-02-08 19:42:43 ----A---- C:\Windows\system32\LXBKinst.dll
2010-02-08 19:42:43 ----A---- C:\Windows\system32\lxbkinsr.dll
2010-02-08 19:42:43 ----A---- C:\Windows\system32\lxbkinsb.dll
2010-02-08 19:42:43 ----A---- C:\Windows\system32\lxbkins.dll
2010-02-08 19:42:43 ----A---- C:\Windows\system32\lxbkinpa.dll
2010-02-08 19:42:43 ----A---- C:\Windows\system32\lxbkih.exe
2010-02-08 19:42:43 ----A---- C:\Windows\system32\lxbkiesc.dll
2010-02-08 19:42:43 ----A---- C:\Windows\system32\LXBKhcp.dll
2010-02-08 19:42:43 ----A---- C:\Windows\system32\lxbkhbn3.dll
2010-02-08 19:42:43 ----A---- C:\Windows\system32\lxbkgf.dll
2010-02-08 19:42:43 ----A---- C:\Windows\system32\lxbkcur.dll
2010-02-08 19:42:43 ----A---- C:\Windows\system32\lxbkcu.dll
2010-02-08 19:42:43 ----A---- C:\Windows\system32\lxbkcoms.exe
2010-02-08 19:42:43 ----A---- C:\Windows\system32\lxbkcomm.dll
2010-02-08 19:42:43 ----A---- C:\Windows\system32\lxbkcomc.dll
2010-02-08 19:42:42 ----A---- C:\Windows\system32\lxbkcfg.exe
2010-02-08 19:42:42 ----A---- C:\Windows\system32\LXBKcfg.dll
2010-02-08 19:42:30 ----D---- C:\drivers
======List of files/folders modified in the last 1 months======
2010-02-25 22:26:19 ----RD---- C:\Program Files
2010-02-25 22:26:16 ----D---- C:\Windows\temp
2010-02-25 22:16:51 ----D---- C:\Users\JURA\AppData\Roaming\Skype
2010-02-25 20:08:36 ----D---- C:\Users\JURA\AppData\Roaming\skypePM
2010-02-25 14:03:44 ----SHD---- C:\System Volume Information
2010-02-25 12:18:20 ----SHD---- C:\Windows\Installer
2010-02-25 12:18:20 ----D---- C:\Windows
2010-02-25 12:18:18 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-25 12:18:09 ----D---- C:\Windows\winsxs
2010-02-25 12:17:32 ----D---- C:\Windows\System32
2010-02-25 11:39:34 ----HD---- C:\ASUS.DAT
2010-02-25 11:39:22 ----A---- C:\Windows\system32\acovcnt.exe
2010-02-25 11:38:21 ----A---- C:\Windows\system32\rpcnetp.exe
2010-02-25 11:38:19 ----A---- C:\Windows\system32\rpcnet.dll
2010-02-24 22:00:31 ----D---- C:\Program Files\Common Files\Adobe
2010-02-24 22:00:30 ----D---- C:\ProgramData\Adobe
2010-02-24 09:21:46 ----D---- C:\Windows\system32\drivers
2010-02-24 09:21:46 ----D---- C:\Windows\system32\catroot
2010-02-24 09:21:42 ----D---- C:\Windows\inf
2010-02-24 09:15:34 ----D---- C:\Windows\system32\catroot2
2010-02-23 21:21:44 ----D---- C:\Windows\rescache
2010-02-23 20:45:51 ----D---- C:\Windows\system32\cs-CZ
2010-02-23 20:45:51 ----D---- C:\Windows\AppPatch
2010-02-23 20:45:50 ----RSD---- C:\Windows\Fonts
2010-02-23 20:45:44 ----RD---- C:\Users
2010-02-23 14:42:48 ----SD---- C:\Windows\Downloaded Program Files
2010-02-23 13:00:25 ----DC---- C:\Windows\system32\DRVSTORE
2010-02-23 12:35:23 ----D---- C:\Program Files\Common Files
2010-02-23 12:30:35 ----D---- C:\Windows\Tasks
2010-02-23 11:30:05 ----D---- C:\Windows\Prefetch
2010-02-23 11:22:37 ----D---- C:\ProgramData
2010-02-23 11:19:39 ----D---- C:\Windows\system32\Tasks
2010-02-22 17:00:46 ----D---- C:\Users\JURA\AppData\Roaming\BSplayer
2010-02-20 16:22:14 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-20 15:43:55 ----RSD---- C:\Windows\assembly
2010-02-17 13:12:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-17 09:58:57 ----D---- C:\Downloads
2010-02-17 08:16:39 ----D---- C:\Users\JURA\AppData\Roaming\FlashGet
2010-02-10 09:02:54 ----D---- C:\Program Files\Windows Mail
2010-02-10 08:58:05 ----D---- C:\Windows\Debug
2010-02-10 08:58:00 ----D---- C:\ProgramData\Microsoft Help
2010-02-08 19:43:26 ----D---- C:\Windows\twain_32
2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe
2010-01-27 18:15:18 ----D---- C:\Program Files\Internet Explorer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 mfenlfk;McAfee NDIS Light Filter; C:\Windows\system32\DRIVERS\mfenlfk.sys [2010-01-05 64304]
R1 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2010-01-05 160720]
R1 MOBKFilter;MOBKFilter; C:\Windows\system32\DRIVERS\MOBK.sys [2010-02-05 54776]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-10-07 278984]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-10-07 25416]
R2 RMCAST;Ovladač protokolu RMCAST (Pgm); C:\Windows\system32\DRIVERS\RMCAST.sys [2009-04-11 113664]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-05 1183744]
R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2010-01-05 55456]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-03-13 140800]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-26 4569088]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2008-11-03 13880]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x86.sys [2009-08-05 48640]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2010-01-05 95568]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2010-01-05 152320]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2010-01-05 51688]
R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2010-01-05 312584]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2008-12-24 14392]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-08-11 1752704]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound; C:\Windows\system32\drivers\srs_PremiumSound_i386.sys [2009-01-14 230952]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-05-23 29696]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-03-20 984064]
S3 41bF45E;41bF45E; \??\C:\Users\JURA\AppData\Local\Temp\41bF45E.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 CRFILTER;USB Mass Storage Filter; C:\Windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 esihdrv;esihdrv; \??\C:\Users\JURA\AppData\Local\Temp\esihdrv.sys []
S3 fsbl;F-Secure BlackLight Engine Driver; \??\C:\Program Files\F-Secure\Anti-Virus\fsbldrv.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 55264]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 mfeavfk01;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk01.sys []
S3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys [2010-01-05 83496]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2009-06-18 42480]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 rkhdrv40;Rootkit Unhooker Driver; C:\Windows\system32\drivers\rkhdrv40.sys [2009-11-13 24448]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 131000]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280]
R2 ASLDRService;ASLDR Service; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [2008-08-14 100920]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 lxbk_device;lxbk_device; C:\Windows\system32\lxbkcoms.exe [2008-02-19 537256]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 McMPFSvc;McAfee Personal Firewall; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2010-01-05 170144]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-01-05 188136]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-01-05 141792]
R2 MOBKbackup;1%; C:\Program Files\McAfee Online Backup\MOBKbackup.exe [2010-02-05 229688]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\Windows\system32\rpcnet.exe [2009-10-03 56680]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S2 MsMpSvc;@C:\Program Files\Microsoft Security Essentials\MpAsDesc.dll,-241; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe []
S2 RsVScanner;Rising Vista Scanner; C:\Program Files\Rising\Rav\scannerd.exe []
S3 AHZ;AHZ; C:\Users\JURA\AppData\Local\Temp\AHZ.exe []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-27 156656]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LBLCDIGUIW;LBLCDIGUIW; C:\Users\JURA\AppData\Local\Temp\LBLCDIGUIW.exe []
S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2009-12-30 364216]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 YMQJGET;YMQJGET; C:\Users\JURA\AppData\Local\Temp\YMQJGET.exe []
-----------------EOF-----------------

Prevention
Moderator: Moderators
Forum rules
Individual threads will be locked once they are resolved. So will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
- Rudy
Re: Prevention
Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after it starts, a screen with the license terms appears; continue by clicking the "Ano" (Yes) button.
relax and put the kettle on for a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); do not try to launch any other applications or anything else during the scan
do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)
note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the resident antispyware component
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Prevention
OK, I'm working on ComboFix. I'd quite like to know whether there is anything in there, because I have a new antivirus.

Re: Prevention
ComboFix 10-02-26.01 - JURA 26.02.2010 19:45:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3036.1912 [GMT 1:00]
Spuštěný z: c:\users\JURA\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_iprip
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-26 do 2010-02-26 )))))))))))))))))))))))))))))))
.
2010-02-26 17:12 . 2009-06-10 09:43 71168 ----a-w- c:\windows\system32\telnet.exe
2010-02-26 14:25 . 2010-02-26 14:25 -------- d-----w- c:\program files\Gameforge4D
2010-02-26 09:39 . 2010-02-26 09:39 -------- d-----w- c:\users\JURA\AppData\Local\VS Revo Group
2010-02-26 09:39 . 2009-12-30 10:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-02-25 13:03 . 2010-02-25 13:03 -------- d-----w- c:\program files\Pyro Studios
2010-02-25 11:18 . 2010-02-26 14:56 -------- d-----w- c:\program files\FireSky
2010-02-25 11:18 . 2010-02-25 11:18 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2010-02-25 11:17 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-02-25 11:17 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-02-25 11:17 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-02-24 08:21 . 2010-01-05 17:04 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-02-24 08:21 . 2010-01-05 17:04 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-02-24 08:21 . 2010-01-05 17:04 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-02-24 08:21 . 2010-01-05 17:04 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-02-24 08:21 . 2010-01-05 17:04 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-02-24 08:21 . 2010-01-05 17:04 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-02-24 08:21 . 2010-01-05 17:04 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-02-24 08:21 . 2010-01-05 17:04 312584 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-02-24 08:21 . 2010-01-05 17:04 160720 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-02-24 08:21 . 2010-01-05 17:04 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-02-24 08:20 . 2010-02-24 08:20 -------- d-----w- c:\program files\McAfee.com
2010-02-23 19:40 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 19:39 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-23 19:39 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-23 19:39 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-23 19:39 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-23 19:39 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-23 19:39 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-23 19:39 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-23 19:39 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-23 19:39 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-23 19:39 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-23 19:39 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-23 19:39 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-23 15:32 . 2010-02-23 15:38 -------- d-----w- c:\users\JURA\AppData\Roaming\Feuerwache
2010-02-23 12:00 . 2010-02-23 12:00 -------- d-----w- c:\program files\McAfeeMOBK
2010-02-23 12:00 . 2010-02-05 20:13 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2010-02-23 12:00 . 2010-02-23 12:00 -------- d-----w- c:\program files\McAfee Online Backup
2010-02-23 11:35 . 2010-02-24 08:21 -------- d-----w- c:\program files\Common Files\Mcafee
2010-02-23 11:21 . 2010-02-23 11:21 -------- d-----w- c:\users\JURA\AppData\Roaming\McAfee
2010-02-23 10:22 . 2010-02-23 10:22 -------- d-----w- c:\programdata\SiteAdvisor
2010-02-23 10:19 . 2010-02-24 16:00 -------- d-----w- c:\program files\McAfee
2010-02-23 10:17 . 2010-02-24 08:24 -------- d-----w- c:\programdata\McAfee
2010-02-20 14:47 . 2010-02-20 14:47 -------- d-----w- c:\users\JURA\AppData\Local\Activision
2010-02-20 13:51 . 2010-02-20 14:15 -------- d-----w- c:\program files\Common Files\BioWare
2010-02-18 08:05 . 2010-02-26 09:37 -------- d-----w- c:\users\JURA\AppData\Roaming\BitTorrent
2010-02-18 08:05 . 2010-02-23 19:27 -------- d-----w- c:\program files\BitTorrent
2010-02-17 07:41 . 2010-02-18 08:02 -------- d-----w- c:\users\JURA\AppData\Roaming\Azureus
2010-02-15 09:18 . 2010-02-15 09:18 -------- d-----w- c:\program files\bitComposer Games
2010-02-13 17:43 . 2010-02-13 17:43 -------- d-----w- c:\program files\Nuganics
2010-02-13 17:43 . 2010-02-13 17:43 1807938 ----a-w- c:\windows\system32\Licking Dog Screen Clean.scr
2010-02-09 22:03 . 2010-02-09 22:03 -------- d-----w- c:\program files\Free Fire Screensaver
2010-02-09 22:03 . 2010-02-09 22:03 -------- d-----w- c:\users\JURA\AppData\Roaming\Laconic Software
2010-02-09 21:43 . 2010-02-09 21:43 -------- d-----w- c:\program files\Dream Aquarium
2010-02-09 21:42 . 2010-02-13 19:11 -------- d-----w- c:\users\JURA\AppData\Local\Axialis
2010-02-08 18:47 . 2010-02-14 08:11 -------- d-----w- C:\temp
2010-02-08 18:44 . 2008-02-15 15:35 102400 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxbkpp5c.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 18:56 . 2009-07-27 15:29 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-02-26 18:56 . 2009-10-03 18:54 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-02-26 18:56 . 2009-07-27 17:00 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-02-26 18:55 . 2009-10-04 12:44 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-26 17:28 . 2009-10-03 20:42 -------- d-----w- c:\users\JURA\AppData\Roaming\Skype
2010-02-26 15:27 . 2009-10-03 20:44 -------- d-----w- c:\users\JURA\AppData\Roaming\skypePM
2010-02-26 09:41 . 2009-10-19 06:30 -------- d-----w- c:\program files\VS Revo Group
2010-02-25 22:45 . 2009-07-27 16:49 -------- d-----w- c:\program files\ASUS
2010-02-25 11:18 . 2009-10-25 12:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-24 21:00 . 2009-10-03 16:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-23 22:09 . 2009-10-03 16:37 100432 ----a-w- c:\users\JURA\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-22 16:00 . 2009-11-29 14:08 -------- d-----w- c:\users\JURA\AppData\Roaming\BSplayer
2010-02-20 15:22 . 2009-07-27 15:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-17 12:12 . 2008-04-17 10:34 606680 ----a-w- c:\windows\system32\perfh005.dat
2010-02-17 12:12 . 2008-04-17 10:34 118634 ----a-w- c:\windows\system32\perfc005.dat
2010-02-17 07:16 . 2009-10-22 10:23 -------- d-----w- c:\users\JURA\AppData\Roaming\FlashGet
2010-02-10 08:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 07:58 . 2009-07-27 15:43 -------- d-----w- c:\programdata\Microsoft Help
2010-02-08 18:45 . 2010-02-08 18:42 -------- d-----w- c:\program files\Lexmark X1100 Series
2010-01-21 06:36 . 2009-10-04 06:14 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 16:04 . 2010-01-19 15:00 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-01-19 16:04 . 2010-01-19 15:00 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-01-19 16:04 . 2010-01-19 15:00 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-01-19 07:09 . 2010-01-19 07:09 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-01-14 15:17 . 2009-11-30 13:53 -------- d-----w- c:\users\JURA\AppData\Roaming\Imperium Romanum
2010-01-14 10:24 . 2010-01-14 10:24 -------- d-----w- c:\programdata\WindowsSearch
2010-01-14 10:12 . 2009-10-13 07:05 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-06 15:38 . 2010-02-23 19:39 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-23 19:39 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-23 19:39 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-23 19:39 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-02 06:38 . 2010-01-22 11:35 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 11:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 11:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 11:35 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-18 08:20 . 2009-12-18 08:20 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-11 11:43 . 2010-02-10 07:56 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-10 07:56 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-10 07:56 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 07:56 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 07:56 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 07:56 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-10 07:56 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 07:56 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 07:56 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 07:56 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 07:56 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 07:56 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 07:56 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 07:56 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 07:56 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 07:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 07:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2008-12-23 20:36 . 2008-12-23 20:36 106496 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-05-22 15:35 . 2008-05-22 15:35 51962 ----a-w- c:\program files\Common Files\banner.jpg
2007-06-12 16:34 . 2007-06-12 16:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico
2009-10-31 14:41 . 2009-10-18 09:21 1615904 --sha-w- c:\windows\System32\drivers\fidbox.dat
2009-07-27 15:53 . 2009-07-27 15:53 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-12-22 2166296]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-12-22 19:03 2166296 ----a-w- c:\program files\BS_Player\tbBS_1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-12-22 2166296]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-12-22 2166296]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-03-20 3261688]
"Seznam Postak"="c:\users\JURA\AppData\Local\Seznam.cz\postak.exe" [2010-01-18 448664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-03-23 17149952]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-12-29 159744]
"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2008-10-01 851968]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-27 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-07-27 47672]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-03-06 424352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-03 1179952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):36,7d,ec,9d,b8,44,ca,01
R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [27.7.2009 17:50 15416]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\System32\drivers\mfenlfk.sys [24.2.2010 9:21 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\System32\drivers\mfewfpk.sys [24.2.2010 9:21 160720]
R1 MOBKFilter;MOBKFilter;c:\windows\System32\drivers\MOBK.sys [23.2.2010 13:00 54776]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [24.2.2010 9:20 271480]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [24.2.2010 9:20 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [24.2.2010 9:20 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [24.2.2010 9:21 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [24.2.2010 9:21 141792]
R2 MOBKbackup;1%;c:\program files\McAfee Online Backup\MOBKbackup.exe [5.2.2010 21:14 229688]
R3 cfwids;McAfee Inc. cfwids;c:\windows\System32\drivers\cfwids.sys [24.2.2010 9:21 55456]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\System32\drivers\ETD.sys [13.3.2009 4:11 140800]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\System32\drivers\mfefirek.sys [24.2.2010 9:21 312584]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\System32\drivers\SRS_PremiumSound_i386.sys [27.7.2009 17:53 230952]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [20.3.2009 7:21 984064]
S2 RsVScanner;Rising Vista Scanner;c:\program files\Rising\Rav\scannerd.exe --> c:\program files\Rising\Rav\scannerd.exe [?]
S3 AHZ;AHZ;c:\users\JURA\AppData\Local\Temp\AHZ.exe --> c:\users\JURA\AppData\Local\Temp\AHZ.exe [?]
S3 CRFILTER;USB Mass Storage Filter;c:\windows\System32\drivers\CRFILTER.sys [7.4.2008 7:00 6656]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [3.10.2009 17:44 55264]
S3 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [8.12.2008 16:01 533344]
S3 LBLCDIGUIW;LBLCDIGUIW;c:\users\JURA\AppData\Local\Temp\LBLCDIGUIW.exe --> c:\users\JURA\AppData\Local\Temp\LBLCDIGUIW.exe [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\System32\drivers\mferkdet.sys [24.2.2010 9:21 83496]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [18.6.2009 18:48 42480]
S3 Revoflt;Revoflt;c:\windows\System32\drivers\revoflt.sys [26.2.2010 10:39 27192]
S3 rkhdrv40;Rootkit Unhooker Driver;c:\windows\System32\drivers\rkhdrv40.sys [13.11.2009 9:21 24448]
S3 YMQJGET;YMQJGET;c:\users\JURA\AppData\Local\Temp\YMQJGET.exe --> c:\users\JURA\AppData\Local\Temp\YMQJGET.exe [?]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - mfeavfk01
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
ipripsvc REG_MULTI_SZ iprip
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-02-26 c:\windows\Tasks\User_Feed_Synchronization-{C4B3BD68-4DD4-44A6-AC7E-6762731A80AF}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Scan link by Dr.Web - http://www.drweb.com/online/drweb-online-en.html
Trusted Zone: internet
Trusted Zone: mcafee.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{3c3f3c1a-9153-7c05-f938-622e7003894d} - (no file)
ShellIconOverlayIdentifiers-{e6ea1d7d-144e-b977-98c4-84c53c1a69d0} - (no file)
ShellIconOverlayIdentifiers-{b4caf489-1eec-c617-49ad-8d7088598c06} - (no file)
ShellExecuteHooks-{32CD708B-60A7-4C00-9377-D73EAA495F0F} - (no file)
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1737227816-726752648-1595867434-1000\Software\SecuROM\License information*]
"datasecu"=hex:94,54,85,ae,d8,41,44,42,52,c9,88,d0,c6,62,7c,a4,d5,d4,61,1b,1e,
95,b3,43,4a,38,79,a0,f8,8c,40,dc,82,0a,82,84,48,80,f0,3f,b2,94,b3,1e,88,bb,\
"rkeysecu"=hex:a9,d3,09,f7,69,8f,1c,28,da,78,f1,39,37,e6,50,5f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(5740)
c:\progra~1\mcafee\sitead~1\saHook.dll
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\ASUS\SmartLogon\smartlogon.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxbkcoms.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rpcnet.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\windows\system32\vssvc.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\agent\mcupdate.exe
.
**************************************************************************
.
Celkový čas: 2010-02-26 20:04:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-26 19:04
Před spuštěním: Volných bajtů: 94 799 917 056
Po spuštění: Volných bajtů: 94 618 722 304
- - End Of File - - 1FB2559CACA5F590679F6FF5740F3DAF
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3036.1912 [GMT 1:00]
Spuštěný z: c:\users\JURA\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_iprip
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-26 do 2010-02-26 )))))))))))))))))))))))))))))))
.
2010-02-26 17:12 . 2009-06-10 09:43 71168 ----a-w- c:\windows\system32\telnet.exe
2010-02-26 14:25 . 2010-02-26 14:25 -------- d-----w- c:\program files\Gameforge4D
2010-02-26 09:39 . 2010-02-26 09:39 -------- d-----w- c:\users\JURA\AppData\Local\VS Revo Group
2010-02-26 09:39 . 2009-12-30 10:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-02-25 13:03 . 2010-02-25 13:03 -------- d-----w- c:\program files\Pyro Studios
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):36,7d,ec,9d,b8,44,ca,01
R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [27.7.2009 17:50 15416]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\System32\drivers\mfenlfk.sys [24.2.2010 9:21 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\System32\drivers\mfewfpk.sys [24.2.2010 9:21 160720]
R1 MOBKFilter;MOBKFilter;c:\windows\System32\drivers\MOBK.sys [23.2.2010 13:00 54776]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [24.2.2010 9:20 271480]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [24.2.2010 9:20 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [24.2.2010 9:20 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [24.2.2010 9:21 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [24.2.2010 9:21 141792]
R2 MOBKbackup;1%;c:\program files\McAfee Online Backup\MOBKbackup.exe [5.2.2010 21:14 229688]
R3 cfwids;McAfee Inc. cfwids;c:\windows\System32\drivers\cfwids.sys [24.2.2010 9:21 55456]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\System32\drivers\ETD.sys [13.3.2009 4:11 140800]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\System32\drivers\mfefirek.sys [24.2.2010 9:21 312584]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\System32\drivers\SRS_PremiumSound_i386.sys [27.7.2009 17:53 230952]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [20.3.2009 7:21 984064]
S2 RsVScanner;Rising Vista Scanner;c:\program files\Rising\Rav\scannerd.exe --> c:\program files\Rising\Rav\scannerd.exe [?]
S3 AHZ;AHZ;c:\users\JURA\AppData\Local\Temp\AHZ.exe --> c:\users\JURA\AppData\Local\Temp\AHZ.exe [?]
S3 CRFILTER;USB Mass Storage Filter;c:\windows\System32\drivers\CRFILTER.sys [7.4.2008 7:00 6656]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [3.10.2009 17:44 55264]
S3 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [8.12.2008 16:01 533344]
S3 LBLCDIGUIW;LBLCDIGUIW;c:\users\JURA\AppData\Local\Temp\LBLCDIGUIW.exe --> c:\users\JURA\AppData\Local\Temp\LBLCDIGUIW.exe [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\System32\drivers\mferkdet.sys [24.2.2010 9:21 83496]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [18.6.2009 18:48 42480]
S3 Revoflt;Revoflt;c:\windows\System32\drivers\revoflt.sys [26.2.2010 10:39 27192]
S3 rkhdrv40;Rootkit Unhooker Driver;c:\windows\System32\drivers\rkhdrv40.sys [13.11.2009 9:21 24448]
S3 YMQJGET;YMQJGET;c:\users\JURA\AppData\Local\Temp\YMQJGET.exe --> c:\users\JURA\AppData\Local\Temp\YMQJGET.exe [?]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - mfeavfk01
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
ipripsvc REG_MULTI_SZ iprip
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-02-26 c:\windows\Tasks\User_Feed_Synchronization-{C4B3BD68-4DD4-44A6-AC7E-6762731A80AF}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Scan link by Dr.Web - http://www.drweb.com/online/drweb-online-en.html
Trusted Zone: internet
Trusted Zone: mcafee.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{3c3f3c1a-9153-7c05-f938-622e7003894d} - (no file)
ShellIconOverlayIdentifiers-{e6ea1d7d-144e-b977-98c4-84c53c1a69d0} - (no file)
ShellIconOverlayIdentifiers-{b4caf489-1eec-c617-49ad-8d7088598c06} - (no file)
ShellExecuteHooks-{32CD708B-60A7-4C00-9377-D73EAA495F0F} - (no file)
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1737227816-726752648-1595867434-1000\Software\SecuROM\License information*]
"datasecu"=hex:94,54,85,ae,d8,41,44,42,52,c9,88,d0,c6,62,7c,a4,d5,d4,61,1b,1e,
95,b3,43,4a,38,79,a0,f8,8c,40,dc,82,0a,82,84,48,80,f0,3f,b2,94,b3,1e,88,bb,\
"rkeysecu"=hex:a9,d3,09,f7,69,8f,1c,28,da,78,f1,39,37,e6,50,5f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(5740)
c:\progra~1\mcafee\sitead~1\saHook.dll
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\ASUS\SmartLogon\smartlogon.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxbkcoms.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rpcnet.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\windows\system32\vssvc.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\agent\mcupdate.exe
.
**************************************************************************
.
Celkový čas: 2010-02-26 20:04:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-26 19:04
Před spuštěním: Volných bajtů: 94 799 917 056
Po spuštění: Volných bajtů: 94 618 722 304
- - End Of File - - 1FB2559CACA5F590679F6FF5740F3DAF
- Rudy
- Site Admin
- Posts: 119320
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Prevention
We'll finish the cleanup. Open Notepad and copy the following into it:

Collect::
c:\windows\system32\acovcnt.exe
c:\users\JURA\AppData\Local\Temp\LBLCDIGUIW.exe
c:\users\JURA\AppData\Local\Temp\YMQJGET.exe
Driver::
LBLCDIGUIW
YMQJGET

Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Prevention
OK, I have it now, thank you

- Rudy
- Site Admin
- Posts: 119320
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Prevention
You're welcome!