Prosím o kontrolu logu - Infikována datová položka registru

[M4RTY]

HJT


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:28:03, on 20.6.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\HJT\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{49E7AC88-3BD9-4673-A8D9-DA1CFF080C49}: NameServer = 10.10.10.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Fortres Security Runtime (fsrt) - Unknown owner - C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FSRT.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 4398 bytes
mbam

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4125

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20.6.2010 10:26:59
mbam-log-2010-06-20 (10-26-59).txt

Typ skenu: Rychlý sken
Skenované objekty: 126551
Uplynulý čas: 4 minuta(y), 1 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[Reklama]

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit nový log z MbAM.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

[M4RTY]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4125

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20.6.2010 12:43:23
mbam-log-2010-06-20 (12-43-23).txt

Typ skenu: Rychlý sken
Skenované objekty: 126551
Uplynulý čas: 4 minuta(y), 1 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)


Později udělám ten ComboFix

[M4RTY]

ComboFix 10-06-19.03 - Martin 20.06.2010 14:09:09.1.1 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2047.1475 [GMT 2:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Ijl11.dll
c:\windows\system32\vbpng1.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-20 do 2010-06-20 )))))))))))))))))))))))))))))))
.

2010-06-20 12:13 . 2010-06-20 12:14 -------- d-----w- c:\users\Martin\AppData\Local\temp
2010-06-20 12:13 . 2010-06-20 12:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-20 12:09 . 2010-06-20 12:09 -------- d-----w- c:\users\Martin\AppData\Local\ESET
2010-06-19 13:23 . 2010-06-19 15:12 -------- d-----w- c:\programdata\FLEXnet
2010-06-19 13:16 . 2010-06-19 13:16 -------- d-----w- c:\program files\Bonjour
2010-06-19 13:11 . 2010-06-19 13:11 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-06-19 10:52 . 2010-06-19 10:52 -------- d-----w- c:\program files\Defraggler
2010-06-19 09:21 . 2010-06-19 09:21 -------- d---a-w- c:\program files\Revo_Uninstaller
2010-06-19 08:49 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-06-19 08:48 . 2010-06-19 08:49 -------- d-----w- c:\program files\VstPlugins
2010-06-19 08:48 . 2010-06-19 08:48 -------- d-----w- c:\program files\Outsim
2010-06-17 12:00 . 2010-06-17 12:00 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-16 20:01 . 2010-06-16 20:01 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-13 13:59 . 2010-06-13 13:59 -------- d-----w- c:\windows\system32\Wat
2010-06-12 17:02 . 2010-06-12 17:02 -------- d--h--w- c:\windows\PIF
2010-06-12 14:02 . 2010-06-12 14:02 -------- d-----w- C:\FGCDIR
2010-06-12 13:55 . 2010-06-12 13:59 -------- d-----w- c:\program files\WhoCrashed
2010-06-12 13:29 . 2006-12-12 15:00 27176 ----a-w- c:\windows\system32\drivers\fgcpst.sys
2010-06-12 12:28 . 2010-06-12 13:22 -------- d-----w- c:\program files\nLite
2010-06-10 18:35 . 2010-06-10 18:35 -------- d-----w- C:\TERASOFT
2010-06-10 18:35 . 2010-06-10 18:35 7008 ----a-w- c:\windows\system\SETUPKIT.DLL
2010-06-10 18:35 . 2010-06-10 18:35 398416 ----a-w- c:\windows\system\VBRUN300.DLL
2010-06-10 18:35 . 2010-06-10 18:35 39233 ----a-w- c:\windows\SETUP1.EXE
2010-06-10 13:44 . 2010-06-10 13:44 -------- d-----w- c:\program files\IM
2010-06-10 05:12 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-10 05:12 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-10 05:12 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-10 05:12 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-10 05:12 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 15:45 . 2010-06-09 15:46 -------- d-----w- c:\program files\JDownloader
2010-06-08 18:04 . 2010-06-08 18:04 93388 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-08 18:04 . 2010-06-08 18:04 -------- d-----w- c:\users\Martin\AppData\Roaming\Apple Computer
2010-06-08 18:04 . 2010-06-08 18:04 -------- d-----w- c:\users\Martin\AppData\Local\Apple Computer
2010-06-08 18:04 . 2010-06-08 18:04 -------- d-----w- c:\program files\Safari
2010-06-08 18:04 . 2010-06-08 18:04 -------- d-----w- c:\programdata\Apple Computer
2010-06-08 18:03 . 2010-06-08 18:03 -------- d-----w- c:\program files\Common Files\Apple
2010-06-08 18:03 . 2010-06-08 18:03 -------- d-----w- c:\users\Martin\AppData\Local\Apple
2010-06-08 18:03 . 2010-06-08 18:03 -------- d-----w- c:\program files\Apple Software Update
2010-06-08 18:03 . 2010-06-08 18:03 -------- d-----w- c:\programdata\Apple
2010-06-06 19:13 . 2010-06-20 12:04 -------- d-----w- c:\programdata\NVIDIA
2010-06-06 19:12 . 2010-06-06 19:14 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-05 19:51 . 2010-06-05 19:54 -------- d-----w- C:\Fraps
2010-06-05 08:36 . 2010-06-05 08:37 -------- d-----w- c:\program files\ScreenShots
2010-06-05 08:16 . 2010-06-05 08:16 -------- d-----w- c:\programdata\KONAMI
2010-06-04 10:29 . 2010-06-04 10:29 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-03 18:52 . 2010-06-05 21:14 0 ----a-w- c:\windows\system32\Access.dat
2010-06-03 18:52 . 2010-06-03 20:12 -------- d-----w- c:\users\Martin\AppData\Roaming\Tunngle
2010-06-03 18:52 . 2010-06-03 19:00 -------- d-----w- c:\programdata\Tunngle
2010-06-03 18:52 . 2009-09-16 05:02 27136 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2010-06-03 18:51 . 2010-06-03 18:52 -------- d-----w- c:\program files\Tunngle
2010-06-02 17:13 . 2005-05-17 13:48 24576 ----a-w- c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\vw8wist1.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}\components\PlainOldFavorites.dll
2010-06-01 17:36 . 2010-06-01 17:36 -------- d-----w- c:\users\Martin\AppData\Local\Stardock
2010-06-01 17:35 . 2010-06-01 17:35 -------- d-----w- c:\program files\Common Files\Stardock
2010-06-01 17:35 . 2010-06-01 17:35 -------- d-----w- c:\program files\Stardock
2010-06-01 14:51 . 2010-06-01 14:51 -------- d-----w- c:\windows\SWAT 4
2010-05-31 12:48 . 2010-05-31 12:48 -------- d-----w- c:\users\Martin\AppData\Local\SRS Labs
2010-05-31 12:47 . 2010-05-31 12:47 -------- d-----w- c:\programdata\SRS Labs
2010-05-31 12:46 . 2010-05-31 12:46 -------- d-----w- c:\program files\Common Files\SRS Labs Shared
2010-05-30 17:00 . 2010-05-30 17:11 -------- d-----w- c:\programdata\WinZip
2010-05-30 10:16 . 2010-05-30 17:15 -------- d-----w- c:\program files\ICQ-Banner-Remover
2010-05-30 10:10 . 2010-05-30 10:10 -------- d-----w- c:\users\Martin\AppData\Local\AOL
2010-05-30 07:16 . 2010-05-30 07:16 0 ----a-w- c:\windows\nsreg.dat
2010-05-29 19:02 . 2010-05-29 19:02 -------- d-----w- c:\program files\FDRLab
2010-05-29 17:15 . 2010-05-29 17:15 -------- d-----w- c:\program files\Activision
2010-05-29 07:41 . 2010-05-29 07:41 -------- d-----w- c:\windows\Sun
2010-05-28 14:37 . 2010-05-28 14:37 -------- d-----w- c:\users\Martin\AppData\Roaming\GRETECH
2010-05-28 14:36 . 2010-05-28 14:36 -------- d-----w- c:\program files\GRETECH
2010-05-27 19:02 . 2010-05-27 19:02 -------- d-----w- c:\users\Martin\AppData\Roaming\VitySoft
2010-05-27 19:01 . 2010-05-27 19:01 -------- d-----w- c:\program files\Common Files\Java
2010-05-27 19:01 . 2010-05-27 19:01 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 19:01 . 2010-05-27 19:01 -------- d-----w- c:\program files\Java
2010-05-27 18:57 . 2010-05-27 18:57 -------- d-----w- c:\program files\FreeRapidDonwloader
2010-05-26 13:30 . 2010-05-26 13:33 -------- d-----w- c:\program files\Classic Shell
2010-05-26 12:14 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 15:28 . 2010-06-19 16:03 -------- d-----w- c:\users\Martin\AppData\Local\Adobe
2010-05-24 18:32 . 2010-06-19 09:26 -------- d-----w- c:\users\Martin\AppData\Local\Deployment
2010-05-24 18:32 . 2010-05-24 18:32 -------- d-----w- c:\users\Martin\AppData\Local\Apps
2010-05-24 16:31 . 2010-06-04 12:01 -------- d-----w- c:\users\Martin\AppData\Local\LogMeIn Hamachi
2010-05-24 16:31 . 2010-05-24 16:31 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-05-24 16:10 . 2010-05-24 16:10 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-24 15:27 . 2010-05-24 16:30 -------- d-----w- c:\users\Martin\AppData\Roaming\Hamachi
2010-05-24 14:32 . 2010-05-24 14:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-24 14:17 . 2010-05-24 14:50 -------- d-sha-w- c:\users\Public\DRM
2010-05-23 17:51 . 2010-05-23 17:51 -------- d-----w- c:\users\Martin\AppData\Roaming\Leadertech
2010-05-23 17:43 . 2010-05-23 17:43 -------- d-----w- c:\users\Martin\AppData\Local\GHISLER
2010-05-23 09:26 . 2010-05-23 09:26 -------- d-----w- c:\users\Martin\AppData\Local\TechSmith
2010-05-23 09:22 . 2010-05-23 09:22 -------- d-----w- c:\users\Martin\AppData\Roaming\Ashampoo
2010-05-23 09:21 . 2010-05-30 17:10 -------- d-----w- c:\programdata\ashampoo
2010-05-23 09:21 . 2010-03-04 15:27 411480 ----a-w- c:\windows\system32\tsccvid.dll
2010-05-23 09:21 . 2010-05-23 09:21 -------- d-----w- c:\windows\system32\QuickTime
2010-05-23 09:21 . 2010-05-23 09:21 -------- d-----w- c:\program files\QuickTime
2010-05-23 09:20 . 2010-06-19 09:24 -------- d-----w- c:\program files\Ashampoo
2010-05-23 09:20 . 2010-05-23 09:20 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2010-05-23 09:20 . 2010-05-23 09:21 -------- d-----w- c:\programdata\TechSmith
2010-05-23 09:20 . 2010-05-23 09:20 -------- d-----w- c:\program files\TechSmith
2010-05-22 14:09 . 2010-02-15 10:03 286208 ----a-w- c:\windows\system32\binkw32.dll
2010-05-22 14:02 . 2009-11-08 21:10 230457 ----a-w- c:\windows\system32\libpng12.dll
2010-05-22 14:02 . 2005-05-08 15:56 55808 ----a-w- c:\windows\system32\zlib1.dll
2010-05-22 14:02 . 2009-11-08 21:27 131584 ----a-w- c:\windows\system32\nvtt.dll
2010-05-22 13:56 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-05-22 13:56 . 2010-05-22 13:56 -------- d-----w- C:\Dx
2010-05-22 13:29 . 2010-05-22 18:59 -------- d-----w- c:\program files\Common Files\BioWare
2010-05-22 11:45 . 2010-05-22 11:45 -------- d-----w- c:\users\Martin\AppData\Local\ElevatedDiagnostics
2010-05-22 10:56 . 2010-05-22 10:56 -------- d-----w- c:\program files\GamePark
2010-05-22 10:44 . 2010-05-22 10:44 -------- d-----w- c:\windows\system32\Adobe
2010-05-21 20:21 . 2010-05-21 20:21 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
2010-05-21 20:21 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-21 20:21 . 2010-05-21 20:21 -------- d-----w- c:\programdata\Malwarebytes
2010-05-21 20:21 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-21 20:21 . 2010-05-21 20:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-21 20:15 . 2010-05-21 20:15 388096 ----a-r- c:\users\Martin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-21 20:15 . 2010-05-21 20:15 -------- d-----w- c:\program files\HJT
2010-05-21 20:01 . 2010-05-21 20:08 -------- d-----w- c:\users\Martin\AppData\Local\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-20 12:11 . 2009-07-14 08:44 622422 ----a-w- c:\windows\system32\perfh005.dat
2010-06-20 12:11 . 2009-07-14 08:44 118604 ----a-w- c:\windows\system32\perfc005.dat
2010-06-20 10:15 . 2010-05-20 14:34 -------- d-----w- c:\users\Martin\AppData\Roaming\vlc
2010-06-20 10:12 . 2010-05-20 15:22 -------- d-----w- c:\users\Martin\AppData\Roaming\dvdcss
2010-06-19 14:40 . 2010-05-17 16:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-19 13:33 . 2010-05-17 15:51 64704 ----a-w- c:\users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-12 17:03 . 2010-06-12 17:02 165030 ----a-w- C:\LCACHE00.TMP
2010-06-12 13:29 . 2010-05-17 16:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-28 14:34 . 2010-05-18 19:59 -------- d-----w- c:\program files\RocketDock
2010-05-27 17:53 . 2010-05-20 16:51 -------- d-----w- c:\program files\Miranda IM
2010-05-24 17:44 . 2010-05-17 19:07 -------- d-----w- c:\users\Martin\AppData\Roaming\Skype
2010-05-24 16:10 . 2010-05-17 19:09 -------- d-----w- c:\users\Martin\AppData\Roaming\skypePM
2010-05-24 13:34 . 2010-05-19 17:34 -------- d-----w- c:\program files\PhotoFiltre Studio
2010-05-22 10:33 . 2010-05-17 16:31 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-21 12:14 . 2010-05-17 15:50 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 15:37 . 2010-05-20 15:26 -------- d-----w- c:\users\Martin\AppData\Roaming\Miranda
2010-05-20 14:33 . 2010-05-20 14:33 -------- d-----w- c:\program files\VideoLAN
2010-05-20 05:10 . 2010-05-20 05:10 -------- d-----w- c:\program files\MSECache
2010-05-20 04:59 . 2010-05-20 04:51 -------- d-----w- c:\programdata\EPSON
2010-05-20 04:55 . 2010-05-20 04:55 -------- d-----w- c:\programdata\UDL
2010-05-20 04:54 . 2010-05-20 04:54 -------- d-----w- c:\program files\Epson Software
2010-05-20 04:54 . 2010-05-18 18:25 -------- d-----w- c:\users\Martin\AppData\Roaming\Epson
2010-05-20 04:54 . 2010-05-18 14:28 -------- d-----w- c:\program files\epson
2010-05-20 04:52 . 2010-05-20 04:52 -------- d-----w- c:\users\Martin\AppData\Roaming\InstallShield
2010-05-19 17:35 . 2010-05-19 17:35 45 ---h--w- c:\windows\dsez5799.dat
2010-05-19 15:21 . 2010-05-19 15:21 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-05-18 11:10 . 2010-05-18 05:09 -------- d-----w- c:\program files\Movie Maker 2.6
2010-05-18 04:56 . 2010-05-18 04:56 -------- d-----w- c:\users\Martin\AppData\Roaming\Publish Providers
2010-05-18 04:56 . 2010-05-17 19:50 -------- d-----w- c:\users\Martin\AppData\Roaming\Sony
2010-05-17 20:04 . 2010-05-17 19:06 -------- d-----r- c:\program files\Skype
2010-05-17 20:00 . 2010-05-17 20:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-05-17 19:55 . 2010-05-17 19:55 -------- d-----w- c:\program files\Common Files\Windows Live
2010-05-17 19:49 . 2010-05-17 19:49 -------- d-----w- c:\programdata\Sony
2010-05-17 19:49 . 2010-05-17 19:49 -------- d-----w- c:\program files\Sony
2010-05-17 19:43 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-17 19:19 . 2010-05-17 19:19 -------- d-----w- c:\program files\Microsoft.NET
2010-05-17 19:17 . 2010-05-17 17:00 -------- d-----w- c:\users\Martin\AppData\Roaming\DAEMON Tools Lite
2010-05-17 19:06 . 2010-05-17 19:06 -------- d-----w- c:\program files\Common Files\Skype
2010-05-17 19:06 . 2010-05-17 19:06 -------- d-----w- c:\programdata\Skype
2010-05-17 18:33 . 2010-05-17 18:33 -------- d-----w- c:\program files\VS Revo Group
2010-05-17 18:11 . 2010-05-17 18:10 -------- d-----w- c:\program files\Opera
2010-05-17 17:01 . 2010-05-17 17:00 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-05-17 17:01 . 2010-05-17 17:01 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-17 17:00 . 2010-05-17 17:00 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-05-17 16:33 . 2010-05-17 16:31 -------- d--h--w- c:\program files\Temp
2010-05-17 16:31 . 2010-05-17 16:31 -------- d-----w- c:\program files\Realtek
2010-05-17 16:30 . 2010-05-17 16:30 -------- d-----w- c:\users\Martin\AppData\Roaming\GHISLER
2010-05-17 16:29 . 2010-05-17 16:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-05-17 16:17 . 2010-05-17 16:17 -------- d-----w- c:\program files\ESET
2010-05-17 16:16 . 2010-05-17 16:16 -------- d-----w- c:\programdata\McAfee
2010-05-17 16:09 . 2010-05-17 16:09 -------- d-----w- c:\program files\CCleaner
2010-05-17 15:35 . 2010-05-17 15:35 -------- d-sh--we c:\programdata\Plocha
2010-05-17 15:35 . 2010-05-17 15:35 -------- d-sh--we c:\programdata\Oblíbené položky
2010-05-17 15:35 . 2010-05-17 15:35 -------- d-sh--we c:\programdata\Šablony
2010-05-17 15:35 . 2010-05-17 15:35 -------- d-sh--we c:\programdata\Nabídka Start
2010-05-17 15:35 . 2010-05-17 15:35 -------- d-sh--we c:\programdata\Dokumenty
2010-05-17 15:35 . 2010-05-17 15:35 -------- d-sh--we c:\programdata\Data aplikací
2010-04-03 16:27 . 2010-04-03 16:27 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-04-03 16:27 . 2010-04-03 16:27 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-04-03 16:27 . 2010-04-03 16:27 13683816 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 16:27 . 2010-04-03 16:27 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-04-03 16:27 . 2010-04-03 16:27 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-31 06:23 . 2010-03-31 06:23 96896 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2010-03-31 06:22 . 2010-03-31 06:22 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-31 06:17 . 2010-03-31 06:17 134024 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-03-31 06:00 . 2010-03-31 06:00 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\25141\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\25141\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\25141\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\25141\AcrobatUpdater.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-17 8546848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-17 691696]
R2 fsrt;Fortres Security Runtime;c:\program files\Fortres Grand\Fortres Security Runtime 6.0\FSRT.EXE [x]
R3 FGCWL;FGCWL;c:\program files\Fortres Grand\Virtual Sandbox\FGCWL.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-13 1343400]
R4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R4 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-03-23 704760]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-31 134024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-31 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-31 96896]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]

.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.cz/ig
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {49E7AC88-3BD9-4673-A8D9-DA1CFF080C49} = 10.10.10.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\vw8wist1.default\
FF - prefs.js: browser.startup.homepage - google.cz/ig
FF - component: c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\vw8wist1.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}\components\PlainOldFavorites.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-UIWatcher - c:\program files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-06-20 14:15:56
ComboFix-quarantined-files.txt 2010-06-20 12:15

Před spuštěním: Volných bajtů: 87 516 561 408
Po spuštění: Volných bajtů: 87 592 574 976

- - End Of File - - B8B179475C39591E304C57D301E18BF3

[M4RTY]

jaro3: zapoměl si ? Nebo jen nezbyl čas ?

[jaro3]

Nebyl čas.

Znáš tyto složky:
C:\FGCDIR
c:\users\Public\DRM
C:\Dx
C:\program files\IM
??

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\system32\drivers\fgcpst.sys
c:\windows\system32\Access.dat

Pokud už byl soubor testován-klikni na otestovat znovu.
Až skončí test všech antivirů, vlož sem pak odkazy na stránky s výsledky.

[M4RTY]

fgcpst.sys
Access.dat nejde otestovat, jelikož má 0 bajtů.

C:\FGCDIR - na netu jsem se dočetl, že to vytvořil Virtual Sandbox, způsoboval BSOD, tak jsem ho ihned oninstaloval...btw. mám to na všech discích (Ext. HDD,HDD)
c:\users\Public\DRM - neznám, ale mám povolené zobrazování skrytých složek...takže normálně je skrytá
C:\Dx - znám, uložil jsem si tam directx (setup)
C:\program files\IM - znám, mám tam QIP, Mirandu

[jaro3]

Access.dat nejde otestovat, jelikož má 0 bajtů. --zkus zastavit napřed v procesech , pokud tam je , a pak otestovat znovu.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001

Klikni na soubor a vyber: uložit jako, v okně vyber:
Název souboru: fixme.reg
Typ souboru : všechny soubory
Kam: na svojí plochu
Klikni na uložit .Poklepej na ploše na soubor fixme.reg. Win se zeptá , zdali chceš přidat do registru, klikni na Ano.
Restart PC.

****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\mlfcache.dat
c:\windows\system32\ezsidmv.dat
C:\LCACHE00.TMP
c:\windows\dsez5799.dat

Folder::
C:\LCACHE00.TMP

DirLook::
c:\users\Public\DRM

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[M4RTY]

Není v procesech...

Jdu na to ostatní

[jaro3]

Fajn , pak ho smažem dodatečně , nic jsem o něm nenašel.

[M4RTY]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:13:06, on 21.6.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HJT\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{49E7AC88-3BD9-4673-A8D9-DA1CFF080C49}: NameServer = 10.10.10.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Fortres Security Runtime (fsrt) - Unknown owner - C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FSRT.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 3568 bytes






ComboFix 10-06-19.03 - Martin 21.06.2010 16:59:18.2.1 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2047.1592 [GMT 2:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Martin\Desktop\CFScript.txt
* Rezidentní štít AV je zapnutý


FILE ::
"C:\LCACHE00.TMP"
"c:\windows\dsez5799.dat"
"c:\windows\system32\ezsidmv.dat"
"c:\windows\system32\mlfcache.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LCACHE00.TMP
c:\windows\dsez5799.dat
c:\windows\system32\ezsidmv.dat
c:\windows\system32\mlfcache.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-21 do 2010-06-21 )))))))))))))))))))))))))))))))
.

2010-06-21 15:04 . 2010-06-21 15:06 -------- d-----w- c:\users\Martin\AppData\Local\temp
2010-06-21 15:04 . 2010-06-21 15:04 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-21 15:04 . 2010-06-21 15:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-21 13:48 . 2010-06-21 14:52 -------- d-----w- c:\users\Martin\AppData\Roaming\AIMP
2010-06-21 13:47 . 2010-06-21 13:47 -------- d-----w- c:\program files\AIMP2
2010-06-20 12:09 . 2010-06-20 12:09 -------- d-----w- c:\users\Martin\AppData\Local\ESET
2010-06-19 13:23 . 2010-06-19 15:12 -------- d-----w- c:\programdata\FLEXnet
2010-06-19 13:16 . 2010-06-19 13:16 -------- d-----w- c:\program files\Bonjour
2010-06-19 13:11 . 2010-06-19 13:11 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-06-19 10:52 . 2010-06-19 10:52 -------- d-----w- c:\program files\Defraggler
2010-06-19 09:21 . 2010-06-19 09:21 -------- d---a-w- c:\program files\Revo_Uninstaller
2010-06-19 08:49 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-06-19 08:48 . 2010-06-19 08:49 -------- d-----w- c:\program files\VstPlugins
2010-06-19 08:48 . 2010-06-19 08:48 -------- d-----w- c:\program files\Outsim
2010-06-17 12:00 . 2010-06-17 12:00 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-16 20:01 . 2010-06-16 20:01 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-13 13:59 . 2010-06-13 13:59 -------- d-----w- c:\windows\system32\Wat
2010-06-12 17:02 . 2010-06-12 17:02 -------- d--h--w- c:\windows\PIF
2010-06-12 14:02 . 2010-06-12 14:02 -------- d-----w- C:\FGCDIR
2010-06-12 13:55 . 2010-06-12 13:59 -------- d-----w- c:\program files\WhoCrashed
2010-06-12 13:29 . 2006-12-12 15:00 27176 ----a-w- c:\windows\system32\drivers\fgcpst.sys
2010-06-12 12:28 . 2010-06-12 13:22 -------- d-----w- c:\program files\nLite
2010-06-10 18:35 . 2010-06-10 18:35 -------- d-----w- C:\TERASOFT
2010-06-10 18:35 . 2010-06-10 18:35 7008 ----a-w- c:\windows\system\SETUPKIT.DLL
2010-06-10 18:35 . 2010-06-10 18:35 398416 ----a-w- c:\windows\system\VBRUN300.DLL
2010-06-10 18:35 . 2010-06-10 18:35 39233 ----a-w- c:\windows\SETUP1.EXE
2010-06-10 13:44 . 2010-06-10 13:44 -------- d-----w- c:\program files\IM
2010-06-10 05:12 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-10 05:12 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-10 05:12 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-10 05:12 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-10 05:12 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 15:45 . 2010-06-09 15:46 -------- d-----w- c:\program files\JDownloader
2010-06-08 18:04 . 2010-06-08 18:04 -------- d-----w- c:\users\Martin\AppData\Roaming\Apple Computer
2010-06-08 18:04 . 2010-06-08 18:04 -------- d-----w- c:\users\Martin\AppData\Local\Apple Computer
2010-06-08 18:04 . 2010-06-08 18:04 -------- d-----w- c:\program files\Safari
2010-06-08 18:04 . 2010-06-08 18:04 -------- d-----w- c:\programdata\Apple Computer
2010-06-08 18:03 . 2010-06-08 18:03 -------- d-----w- c:\program files\Common Files\Apple
2010-06-08 18:03 . 2010-06-08 18:03 -------- d-----w- c:\users\Martin\AppData\Local\Apple
2010-06-08 18:03 . 2010-06-08 18:03 -------- d-----w- c:\program files\Apple Software Update
2010-06-08 18:03 . 2010-06-08 18:03 -------- d-----w- c:\programdata\Apple
2010-06-06 19:13 . 2010-06-21 15:06 -------- d-----w- c:\programdata\NVIDIA
2010-06-06 19:12 . 2010-06-06 19:14 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-05 19:51 . 2010-06-05 19:54 -------- d-----w- C:\Fraps
2010-06-05 08:36 . 2010-06-05 08:37 -------- d-----w- c:\program files\ScreenShots
2010-06-05 08:16 . 2010-06-05 08:16 -------- d-----w- c:\programdata\KONAMI
2010-06-04 10:29 . 2010-06-04 10:29 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-03 18:52 . 2010-06-05 21:14 0 ----a-w- c:\windows\system32\Access.dat
2010-06-03 18:52 . 2010-06-03 20:12 -------- d-----w- c:\users\Martin\AppData\Roaming\Tunngle
2010-06-03 18:52 . 2010-06-03 19:00 -------- d-----w- c:\programdata\Tunngle
2010-06-03 18:52 . 2009-09-16 05:02 27136 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2010-06-03 18:51 . 2010-06-03 18:52 -------- d-----w- c:\program files\Tunngle
2010-06-02 17:13 . 2005-05-17 13:48 24576 ----a-w- c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\vw8wist1.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}\components\PlainOldFavorites.dll
2010-06-01 17:36 . 2010-06-01 17:36 -------- d-----w- c:\users\Martin\AppData\Local\Stardock
2010-06-01 17:35 . 2010-06-01 17:35 -------- d-----w- c:\program files\Common Files\Stardock
2010-06-01 17:35 . 2010-06-01 17:35 -------- d-----w- c:\program files\Stardock
2010-06-01 14:51 . 2010-06-01 14:51 -------- d-----w- c:\windows\SWAT 4
2010-05-31 12:48 . 2010-05-31 12:48 -------- d-----w- c:\users\Martin\AppData\Local\SRS Labs
2010-05-31 12:47 . 2010-05-31 12:47 -------- d-----w- c:\programdata\SRS Labs
2010-05-31 12:46 . 2010-05-31 12:46 -------- d-----w- c:\program files\Common Files\SRS Labs Shared
2010-05-30 17:00 . 2010-05-30 17:11 -------- d-----w- c:\programdata\WinZip
2010-05-30 10:16 . 2010-05-30 17:15 -------- d-----w- c:\program files\ICQ-Banner-Remover
2010-05-30 10:10 . 2010-05-30 10:10 -------- d-----w- c:\users\Martin\AppData\Local\AOL
2010-05-30 07:16 . 2010-05-30 07:16 0 ----a-w- c:\windows\nsreg.dat
2010-05-29 19:02 . 2010-05-29 19:02 -------- d-----w- c:\program files\FDRLab
2010-05-29 17:15 . 2010-05-29 17:15 -------- d-----w- c:\program files\Activision
2010-05-29 07:41 . 2010-05-29 07:41 -------- d-----w- c:\windows\Sun
2010-05-28 14:37 . 2010-05-28 14:37 -------- d-----w- c:\users\Martin\AppData\Roaming\GRETECH
2010-05-28 14:36 . 2010-05-28 14:36 -------- d-----w- c:\program files\GRETECH
2010-05-27 19:02 . 2010-05-27 19:02 -------- d-----w- c:\users\Martin\AppData\Roaming\VitySoft
2010-05-27 19:01 . 2010-05-27 19:01 -------- d-----w- c:\program files\Common Files\Java
2010-05-27 19:01 . 2010-05-27 19:01 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 19:01 . 2010-05-27 19:01 -------- d-----w- c:\program files\Java
2010-05-27 18:57 . 2010-05-27 18:57 -------- d-----w- c:\program files\FreeRapidDonwloader
2010-05-26 13:30 . 2010-05-26 13:33 -------- d-----w- c:\program files\Classic Shell
2010-05-26 12:14 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 15:28 . 2010-06-19 16:03 -------- d-----w- c:\users\Martin\AppData\Local\Adobe
2010-05-24 18:32 . 2010-06-19 09:26 -------- d-----w- c:\users\Martin\AppData\Local\Deployment
2010-05-24 18:32 . 2010-05-24 18:32 -------- d-----w- c:\users\Martin\AppData\Local\Apps
2010-05-24 16:31 . 2010-06-04 12:01 -------- d-----w- c:\users\Martin\AppData\Local\LogMeIn Hamachi
2010-05-24 16:31 . 2010-05-24 16:31 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-05-24 15:27 . 2010-05-24 16:30 -------- d-----w- c:\users\Martin\AppData\Roaming\Hamachi
2010-05-24 14:32 . 2010-05-24 14:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-24 14:17 . 2010-05-24 14:50 -------- d-sha-w- c:\users\Public\DRM
2010-05-23 17:51 . 2010-05-23 17:51 -------- d-----w- c:\users\Martin\AppData\Roaming\Leadertech
2010-05-23 17:43 . 2010-05-23 17:43 -------- d-----w- c:\users\Martin\AppData\Local\GHISLER
2010-05-23 09:26 . 2010-05-23 09:26 -------- d-----w- c:\users\Martin\AppData\Local\TechSmith
2010-05-23 09:22 . 2010-05-23 09:22 -------- d-----w- c:\users\Martin\AppData\Roaming\Ashampoo
2010-05-23 09:21 . 2010-05-30 17:10 -------- d-----w- c:\programdata\ashampoo
2010-05-23 09:21 . 2010-03-04 15:27 411480 ----a-w- c:\windows\system32\tsccvid.dll
2010-05-23 09:21 . 2010-05-23 09:21 -------- d-----w- c:\windows\system32\QuickTime
2010-05-23 09:21 . 2010-05-23 09:21 -------- d-----w- c:\program files\QuickTime
2010-05-23 09:20 . 2010-06-19 09:24 -------- d-----w- c:\program files\Ashampoo
2010-05-23 09:20 . 2010-05-23 09:20 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2010-05-23 09:20 . 2010-05-23 09:21 -------- d-----w- c:\programdata\TechSmith
2010-05-23 09:20 . 2010-05-23 09:20 -------- d-----w- c:\program files\TechSmith

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 15:02 . 2009-07-14 08:44 622422 ----a-w- c:\windows\system32\perfh005.dat
2010-06-21 15:02 . 2009-07-14 08:44 118604 ----a-w- c:\windows\system32\perfc005.dat
2010-06-21 13:48 . 2010-05-20 14:34 -------- d-----w- c:\users\Martin\AppData\Roaming\vlc
2010-06-20 10:12 . 2010-05-20 15:22 -------- d-----w- c:\users\Martin\AppData\Roaming\dvdcss
2010-06-19 14:40 . 2010-05-17 16:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-19 13:33 . 2010-05-17 15:51 64704 ----a-w- c:\users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-12 13:29 . 2010-05-17 16:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-28 14:34 . 2010-05-18 19:59 -------- d-----w- c:\program files\RocketDock
2010-05-27 17:53 . 2010-05-20 16:51 -------- d-----w- c:\program files\Miranda IM
2010-05-24 17:44 . 2010-05-17 19:07 -------- d-----w- c:\users\Martin\AppData\Roaming\Skype
2010-05-24 16:10 . 2010-05-17 19:09 -------- d-----w- c:\users\Martin\AppData\Roaming\skypePM
2010-05-24 13:34 . 2010-05-19 17:34 -------- d-----w- c:\program files\PhotoFiltre Studio
2010-05-22 18:59 . 2010-05-22 13:29 -------- d-----w- c:\program files\Common Files\BioWare
2010-05-22 10:56 . 2010-05-22 10:56 -------- d-----w- c:\program files\GamePark
2010-05-22 10:33 . 2010-05-17 16:31 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-21 20:21 . 2010-05-21 20:21 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
2010-05-21 20:21 . 2010-05-21 20:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-21 20:21 . 2010-05-21 20:21 -------- d-----w- c:\programdata\Malwarebytes
2010-05-21 20:15 . 2010-05-21 20:15 388096 ----a-r- c:\users\Martin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-21 20:15 . 2010-05-21 20:15 -------- d-----w- c:\program files\HJT
2010-05-21 12:14 . 2010-05-17 15:50 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 15:37 . 2010-05-20 15:26 -------- d-----w- c:\users\Martin\AppData\Roaming\Miranda
2010-05-20 14:33 . 2010-05-20 14:33 -------- d-----w- c:\program files\VideoLAN
2010-05-20 05:10 . 2010-05-20 05:10 -------- d-----w- c:\program files\MSECache
2010-05-20 04:59 . 2010-05-20 04:51 -------- d-----w- c:\programdata\EPSON
2010-05-20 04:55 . 2010-05-20 04:55 -------- d-----w- c:\programdata\UDL
2010-05-20 04:54 . 2010-05-20 04:54 -------- d-----w- c:\program files\Epson Software
2010-05-20 04:54 . 2010-05-18 18:25 -------- d-----w- c:\users\Martin\AppData\Roaming\Epson
2010-05-20 04:54 . 2010-05-18 14:28 -------- d-----w- c:\program files\epson
2010-05-20 04:52 . 2010-05-20 04:52 -------- d-----w- c:\users\Martin\AppData\Roaming\InstallShield
2010-05-19 15:21 . 2010-05-19 15:21 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-05-18 11:10 . 2010-05-18 05:09 -------- d-----w- c:\program files\Movie Maker 2.6
2010-05-18 04:56 . 2010-05-18 04:56 -------- d-----w- c:\users\Martin\AppData\Roaming\Publish Providers
2010-05-18 04:56 . 2010-05-17 19:50 -------- d-----w- c:\users\Martin\AppData\Roaming\Sony
2010-05-17 20:04 . 2010-05-17 19:06 -------- d-----r- c:\program files\Skype
2010-05-17 20:00 . 2010-05-17 20:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-05-17 19:55 . 2010-05-17 19:55 -------- d-----w- c:\program files\Common Files\Windows Live
2010-05-17 19:49 . 2010-05-17 19:49 -------- d-----w- c:\programdata\Sony
2010-05-17 19:49 . 2010-05-17 19:49 -------- d-----w- c:\program files\Sony
2010-05-17 19:43 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-17 19:19 . 2010-05-17 19:19 -------- d-----w- c:\program files\Microsoft.NET
2010-05-17 19:17 . 2010-05-17 17:00 -------- d-----w- c:\users\Martin\AppData\Roaming\DAEMON Tools Lite
2010-05-17 19:06 . 2010-05-17 19:06 -------- d-----w- c:\program files\Common Files\Skype
2010-05-17 19:06 . 2010-05-17 19:06 -------- d-----w- c:\programdata\Skype
2010-05-17 18:33 . 2010-05-17 18:33 -------- d-----w- c:\program files\VS Revo Group
2010-05-17 18:11 . 2010-05-17 18:10 -------- d-----w- c:\program files\Opera
2010-05-17 17:01 . 2010-05-17 17:00 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-05-17 17:01 . 2010-05-17 17:01 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-17 17:00 . 2010-05-17 17:00 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-05-17 16:33 . 2010-05-17 16:31 -------- d--h--w- c:\program files\Temp
2010-05-17 16:31 . 2010-05-17 16:31 -------- d-----w- c:\program files\Realtek
2010-05-17 16:30 . 2010-05-17 16:30 -------- d-----w- c:\users\Martin\AppData\Roaming\GHISLER
2010-05-17 16:29 . 2010-05-17 16:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-05-17 16:17 . 2010-05-17 16:17 -------- d-----w- c:\program files\ESET
2010-05-17 16:16 . 2010-05-17 16:16 -------- d-----w- c:\programdata\McAfee
2010-05-17 16:09 . 2010-05-17 16:09 -------- d-----w- c:\program files\CCleaner
2010-05-17 15:35 . 2010-05-17 15:35 -------- d-sh--we c:\programdata\Plocha
2010-05-17 15:35 . 2010-05-17 15:35 -------- d-sh--we c:\programdata\Oblíbené položky
2010-05-17 15:35 . 2010-05-17 15:35 -------- d-sh--we c:\programdata\Šablony
2010-05-17 15:35 . 2010-05-17 15:35 -------- d-sh--we c:\programdata\Nabídka Start
2010-05-17 15:35 . 2010-05-17 15:35 -------- d-sh--we c:\programdata\Dokumenty
2010-05-17 15:35 . 2010-05-17 15:35 -------- d-sh--we c:\programdata\Data aplikací
2010-04-29 13:39 . 2010-05-21 20:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-05-21 20:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-03 16:27 . 2010-04-03 16:27 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-04-03 16:27 . 2010-04-03 16:27 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-04-03 16:27 . 2010-04-03 16:27 13683816 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 16:27 . 2010-04-03 16:27 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-04-03 16:27 . 2010-04-03 16:27 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-31 06:23 . 2010-03-31 06:23 96896 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2010-03-31 06:22 . 2010-03-31 06:22 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-31 06:17 . 2010-03-31 06:17 134024 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-03-31 06:00 . 2010-03-31 06:00 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\25141\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\25141\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\25141\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\25141\AcrobatUpdater.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Public\DRM ----



((((((((((((((((((((((((((((( SnapShot@2010-06-20_12.14.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-17 17:04 . 2010-06-21 14:59 21656 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-06-21 14:59 40964 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-17 15:32 . 2010-06-21 14:25 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-17 15:32 . 2010-06-20 07:27 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-17 15:32 . 2010-06-20 07:27 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-17 15:32 . 2010-06-21 14:25 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2010-06-20 07:27 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-06-21 14:25 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:34 . 2010-06-20 12:25 85960 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-05-17 15:52 . 2010-06-20 12:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-17 15:52 . 2010-06-21 15:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-17 15:52 . 2010-06-21 15:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-17 15:52 . 2010-06-20 12:07 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-17 15:52 . 2010-06-21 15:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-17 15:52 . 2010-06-20 12:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-17 19:19 . 2010-06-10 05:39 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2010-05-17 19:19 . 2010-06-21 07:07 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2010-05-17 19:19 . 2010-06-10 05:39 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2010-05-17 19:19 . 2010-06-21 07:07 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2010-05-17 19:19 . 2010-06-10 05:39 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2010-05-17 19:19 . 2010-06-21 07:07 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2010-05-17 19:19 . 2010-06-21 07:07 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2010-05-17 19:19 . 2010-06-10 05:39 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2010-05-17 19:19 . 2010-06-21 07:07 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2010-05-17 19:19 . 2010-06-10 05:39 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2010-05-17 19:19 . 2010-06-10 05:39 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-05-17 19:19 . 2010-06-21 07:07 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-05-18 10:48 . 2010-06-21 06:29 3626 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1314827245-162968044-948876624-1001_UserData.bin
- 2010-05-18 10:48 . 2010-06-18 14:15 3626 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1314827245-162968044-948876624-1001_UserData.bin
+ 2010-05-17 16:38 . 2010-06-21 14:59 7474 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1314827245-162968044-948876624-1000_UserData.bin
+ 2010-06-21 14:57 . 2010-06-21 15:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-06-20 12:04 . 2010-06-20 12:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-06-20 12:04 . 2010-06-20 12:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-06-21 14:57 . 2010-06-21 15:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-17 19:19 . 2010-06-21 07:07 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2010-05-17 19:19 . 2010-06-10 05:39 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-05-27 06:32 . 2010-06-20 19:48 198854 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:05 . 2010-06-20 12:11 606992 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-06-21 15:02 606992 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-06-20 12:11 103370 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-06-21 15:02 103370 c:\windows\System32\perfc009.dat
- 2010-05-17 19:19 . 2010-06-10 05:39 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2010-05-17 19:19 . 2010-06-21 07:07 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2010-05-17 19:19 . 2010-06-21 07:07 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-05-17 19:19 . 2010-06-10 05:39 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-05-17 19:19 . 2010-06-10 05:39 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2010-05-17 19:19 . 2010-06-21 07:07 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2010-05-17 19:19 . 2010-06-10 05:39 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2010-05-17 19:19 . 2010-06-21 07:07 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2010-05-17 19:19 . 2010-06-21 07:07 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2010-05-17 19:19 . 2010-06-10 05:39 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2010-05-17 19:19 . 2010-06-10 05:39 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-05-17 19:19 . 2010-06-21 07:07 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-07-14 02:03 . 2010-06-21 11:27 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2010-06-20 07:38 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-05-04 20:25 . 2010-05-04 20:25 7681024 c:\windows\Installer\243a46.msp
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-17 8546848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

R2 fsrt;Fortres Security Runtime;c:\program files\Fortres Grand\Fortres Security Runtime 6.0\FSRT.EXE [x]
R3 FGCWL;FGCWL;c:\program files\Fortres Grand\Virtual Sandbox\FGCWL.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-13 1343400]
R4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R4 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-03-23 704760]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-17 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-31 134024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-31 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-31 96896]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]

.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.cz/ig
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {49E7AC88-3BD9-4673-A8D9-DA1CFF080C49} = 10.10.10.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\vw8wist1.default\
FF - prefs.js: browser.startup.homepage - google.cz/ig
FF - component: c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\vw8wist1.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}\components\PlainOldFavorites.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84C721F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0x676d5346
user & kernel MBR OK

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2010-06-21 17:09:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-21 15:09
ComboFix2.txt 2010-06-20 12:15

Před spuštěním: Volných bajtů: 86 479 355 904
Po spuštění: Volných bajtů: 86 435 991 552

- - End Of File - - 76DCD9BF3E123E16DCFD4898534779E5


//Až budem mazat CF, tak preferuji ruční smazání, díky

[jaro3]

//Až budem mazat CF, tak preferuji ruční smazání, díky ??

Odinstaluj:
c:\programdata\McAfee (McAfee Security Scan )

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\Access.dat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

Folder::
c:\programdata\McAfee
c:\users\Public\DRM

Registry::
[-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O23 - Service: Fortres Security Runtime (fsrt) - Unknown owner - C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FSRT.EXE (file missing)


Pak nový log z HJT