Request for log check - viruses [Solved]

A place for your HiJackThis logs and logs from other programs…



Request for log check - viruses

Post by jakubpolo » 12 Sep 2010 20:08

I caught some virus that Microsoft Security Essentials couldn't fix, so I used System Restore - I don't know whether that was a wise idea, but it's done now :-)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:08:26, on 12.9.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Users\PoLo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PoLo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PoLo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PoLo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PoLo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PoLo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PoLo\Documents\Miranda IM\miranda32.exe
C:\Users\PoLo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PoLo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6671 bytes
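Added example (not part of the original post and not HijackThis code): a Python triage script that parses the O2, O4 and O23 lines of a HijackThis 2.x log such as the one above, works out which file each entry points at, and applies the checks a reviewer makes by eye: a binary in a user-writable location, a system binary name outside its normal directory, and a service binary that is really missing. The sample input is five lines copied from the log above plus two constructed lines, marked as such, so that every check has a positive case; the environment-variable expansions and the list of system binary names are the example's own assumptions.

```python
"""Triage helper for HijackThis 2.x logs.

Added example, not part of the original post and not HijackThis code: parses
the O2 (BHO), O4 (autorun) and O23 (service) lines, extracts the file each
entry points at and applies the checks a reviewer of the log above makes by eye.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"""
# Constructed lines (NOT from the log) so that each check has a positive case.
CONSTRUCTED_LINES = r"""
O4 - HKCU\..\Run: [updater] "C:\Users\PoLo\AppData\Local\Temp\4220.tmp" /q
O23 - Service: Host Helper (hosthelper) - Unknown owner - C:\ProgramData\hosthelper\svchost.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*?)(?P<missing> \(file missing\))?$")
# First path-looking token of a command line, quoted or bare.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.(?:exe|dll|tmp|scr|com|bat|cmd|vbs|js))"?(?:\s|$)', re.I)

USER_WRITABLE = re.compile(r"\\(appdata|temp|programdata|users\\public|recycler|\$recycle\.bin)\\", re.I)
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "explorer.exe"}
SYSTEM_DIRS = re.compile(r"^c:\\windows\\(system32\\)?[^\\]+$", re.I)
SYSTEM32 = re.compile(r"\\windows\\system32\\", re.I)
# Assumed expansions; a real run would take them from the host's environment.
ENV = {"%systemroot%": r"C:\Windows", "%programfiles%": r"C:\Program Files"}


@dataclass
class Entry:
    kind: str
    name: str
    path: str
    raw: str
    owner: str = ""
    missing: bool = False


@dataclass
class Finding:
    entry: Entry
    reason: str


def normalise(path: str) -> str:
    """Strip quotes and expand the environment variables HijackThis leaves in."""
    p = path.strip().strip('"')
    for var, value in ENV.items():
        p = re.sub(re.escape(var), lambda _m, v=value: v, p, flags=re.I)
    return p


def parse(log_text: str) -> list[Entry]:
    entries: list[Entry] = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        if m := O2_RE.match(raw):
            entries.append(Entry("O2", m["name"], normalise(m["path"]), raw))
        elif m := O4_RE.match(raw):
            exe = EXE_RE.match(m["cmd"])
            entries.append(Entry("O4", m["name"], normalise(exe["exe"]) if exe else m["cmd"], raw))
        elif m := O23_RE.match(raw):
            entries.append(Entry("O23", m["name"], normalise(m["path"]), raw,
                                 owner=m["owner"], missing=m["missing"] is not None))
    return entries


def triage(log_text: str, host_is_x64: bool = True) -> list[Finding]:
    findings: list[Finding] = []
    for e in parse(log_text):
        base = e.path.lower().rsplit("\\", 1)[-1]
        if USER_WRITABLE.search(e.path):
            findings.append(Finding(e, "binary lives in a user-writable location"))
        if base in SYSTEM_NAMES and not SYSTEM_DIRS.match(e.path):
            findings.append(Finding(e, f"{base} outside C:\\Windows or System32"))
        # HijackThis 2.0.4 is a 32-bit program: on 64-bit Windows its view of
        # C:\Windows\System32 is redirected to SysWOW64, so every service whose
        # binary really is in System32 is reported as "(file missing)".  Only a
        # missing file outside System32 is a real lead on an x64 host.
        if e.kind == "O23" and e.missing and not (host_is_x64 and SYSTEM32.search(e.path)):
            findings.append(Finding(e, "service binary reported missing"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG + CONSTRUCTED_LINES):
        print(f"[{f.entry.kind}] {f.reason}: {f.entry.path}")
```

The `(file missing)` handling is the caveat that matters for this particular log: HijackThis 2.0.4 is a 32-bit program, and on 64-bit Windows 7 its view of C:\Windows\System32 is redirected to SysWOW64, so every service that really lives in System32 (alg.exe, spoolsv.exe, lsass.exe and the rest above) is reported as missing. That is an artefact of the tool, not an indicator; the same services are listed as present and running in the RSIT output later in the thread. The script therefore only reports a missing service binary when it is outside System32 or when told the host is 32-bit.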


Re: Request for log check - viruses

Post by bledulka » 12 Sep 2010 21:12

Hi,
do you know what virus it was, in which file?

Download CCleaner http://www.filehippo.com/download_cclea ... cbae6b492/
- install it (don't install the Yahoo toolbar)

- choose the Cleaner tab
- leave everything in the left column ticked as it is and press the Analyze button
- then confirm with the Run CCleaner button
- this cleans the computer of temporary files; I recommend using it regularly.

- choose the Registry tab
- click the Scan for Issues button
- then click Fix selected issues, confirm that you want to make a backup, and let it fix everything

**********************

Download RSIT http://images.malwareremoval.com/random/RSIT.exe
- run it, click the Continue button
- after the scan a log.txt will pop up; paste its contents here


*********************

Download MBAM http://download.cnet.com/3001-8022_4-10 ... l-10804572
- install it, update it
- do a full scan and paste the log here


Re: Request for log check - viruses

Post by jakubpolo » 12 Sep 2010 21:37

I've done that. Do you think the System Restore could have fixed it?


Re: Request for log check - viruses

Post by bledulka » 12 Sep 2010 21:40

What did you do?
The restore could have helped, certainly :smile: , but we need to check it.


Re: Request for log check - viruses

Post by jakubpolo » 12 Sep 2010 22:22

During the MBAM scan I again got an alert from Microsoft Security Essentials:

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommendation: Remove this software immediately.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
file:C:\Users\PoLo\AppData\Local\Temp\4220.tmp

Get more information about this item online.

After a while, another problem:

Category: Password Stealer

Description: This program is dangerous and captures user passwords.

Recommendation: Remove this software immediately.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
file:C:\Windows\pss\svchost.exe.Startup

Get more information about this item online.

I chose "remove" and "Clear computer" for them. They were reportedly deleted successfully. One of them was a password stealer; which passwords are at risk? Which ones should I change once the problem is resolved?
RSIT:


Logfile of random's system information tool 1.08 (written by random/random)
Run by PoLo at 2010-09-12 21:48:33
Microsoft Windows 7 Professional
System drive C: has 196 GB (82%) free of 238 GB
Total RAM: 3071 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:48:40, on 12.9.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Users\PoLo\Documents\Miranda IM\miranda32.exe
C:\Users\PoLo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PoLo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PoLo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PoLo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PoLo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PoLo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PoLo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PoLo\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\PoLo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6611 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3215773759-1141924191-89271744-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3215773759-1141924191-89271744-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-01-16 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-07-26 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-09-12 21:48:33 ----D---- C:\rsit
2010-09-12 21:48:33 ----D---- C:\Program Files (x86)\trend micro
2010-09-12 20:07:33 ----D---- C:\Program Files (x86)\HiJackThis
2010-09-12 01:46:45 ----A---- C:\LOGFILE.TXT
2010-09-11 15:13:50 ----D---- C:\Program Files (x86)\JDownloader
2010-09-10 19:07:45 ----D---- C:\ProgramData\MetaQuotes
2010-09-10 17:27:02 ----D---- C:\PFiles
2010-09-10 16:13:46 ----D---- C:\Users\PoLo\AppData\Roaming\Saxo Bank
2010-09-10 16:12:54 ----D---- C:\Program Files (x86)\Saxo Bank
2010-09-10 16:12:37 ----D---- C:\Windows\024D66E9D50C44A792B42DFDDD95D228.TMP
2010-09-05 21:42:43 ----D---- C:\AllokRMFolder
2010-09-05 21:23:26 ----D---- C:\Program Files (x86)\Free MOV to AVI Converter
2010-09-02 18:20:31 ----RHD---- C:\Users\PoLo\AppData\Roaming\SecuROM
2010-09-02 18:20:30 ----A---- C:\Windows\SysWOW64\CmdLineExt_x64.dll
2010-09-02 18:20:15 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll
2010-09-02 18:20:15 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll
2010-09-02 18:20:15 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll
2010-09-02 18:20:14 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll
2010-09-02 18:20:14 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll
2010-09-02 18:20:13 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll
2010-09-02 18:20:13 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll
2010-09-02 18:20:13 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll
2010-09-02 18:20:12 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll
2010-09-02 18:20:12 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll
2010-09-02 18:20:11 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll
2010-09-02 18:20:11 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll
2010-09-02 18:20:10 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll
2010-09-02 18:19:17 ----A---- C:\Windows\SysWOW64\wrap_oal.dll
2010-09-02 18:19:17 ----A---- C:\Windows\SysWOW64\OpenAL32.dll
2010-09-02 17:54:10 ----D---- C:\Program Files (x86)\Deep Silver
2010-09-02 17:39:28 ----D---- C:\Windows\SysWOW64\AGEIA
2010-09-02 17:39:27 ----D---- C:\Program Files (x86)\AGEIA Technologies
2010-09-02 17:39:21 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-08-30 17:41:16 ----D---- C:\EA GAMES
2010-08-29 13:03:40 ----D---- C:\ProgramData\Gecko Software
2010-08-29 12:51:37 ----D---- C:\Windows\Downloaded Installations
2010-08-28 21:05:28 ----D---- C:\Program Files (x86)\Microsoft Games
2010-08-28 14:22:37 ----D---- C:\Program Files (x86)\Ascaron Entertainment
2010-08-27 18:29:59 ----D---- C:\Users\PoLo\AppData\Roaming\Ascaron Entertainment
2010-08-25 09:57:37 ----A---- C:\Windows\SysWOW64\oleaut32.dll
2010-08-24 13:48:17 ----D---- C:\ZLO
2010-08-21 23:03:46 ----D---- C:\ProgramData\Trymedia
2010-08-19 09:53:07 ----D---- C:\Program Files (x86)\Diablo II
2010-08-18 19:36:53 ----D---- C:\Program Files (x86)\Plus500
2010-08-18 11:49:01 ----D---- C:\Program Files (x86)\Hero Editor
2010-08-18 11:48:58 ----N---- C:\Windows\Setup1.exe
2010-08-18 11:48:57 ----A---- C:\Windows\ST6UNST.EXE
2010-08-17 16:07:44 ----D---- C:\Windows\Minidump
2010-08-15 21:28:34 ----D---- C:\Windows\Sun
2010-08-14 21:18:35 ----D---- C:\Users\PoLo\AppData\Roaming\AoboBlocker
2010-08-14 21:14:14 ----D---- C:\Program Files (x86)\MpSoft
2010-08-14 10:40:44 ----AT---- C:\Windows\SysWOW64\SIntfNT.dll
2010-08-14 10:40:44 ----AT---- C:\Windows\SysWOW64\SIntf32.dll
2010-08-14 10:40:44 ----AT---- C:\Windows\SysWOW64\SIntf16.dll
2010-08-13 22:52:33 ----D---- C:\ProgramData\PopCap Games

======List of files/folders modified in the last 1 months======

2010-09-12 21:48:40 ----D---- C:\Windows\Prefetch
2010-09-12 21:48:33 ----RD---- C:\Program Files (x86)
2010-09-12 21:32:00 ----D---- C:\Windows\Temp
2010-09-12 20:15:54 ----D---- C:\Users\PoLo\AppData\Roaming\uTorrent
2010-09-12 20:14:43 ----SHD---- C:\System Volume Information
2010-09-12 20:11:22 ----D---- C:\Windows
2010-09-12 20:10:31 ----D---- C:\Windows\System32
2010-09-12 20:10:31 ----D---- C:\Windows\inf
2010-09-12 20:07:36 ----SHD---- C:\Windows\Installer
2010-09-12 20:03:54 ----D---- C:\Windows\Tasks
2010-09-12 20:03:31 ----D---- C:\Windows\SysWOW64\Macromed
2010-09-12 20:03:28 ----HD---- C:\ProgramData
2010-09-12 20:03:28 ----D---- C:\Windows\AppCompat
2010-09-12 20:03:28 ----D---- C:\Users\PoLo\AppData\Roaming\LangSoft
2010-09-12 20:03:28 ----D---- C:\ProgramData\Microsoft Help
2010-09-12 20:03:25 ----D---- C:\Windows\registration
2010-09-10 13:36:59 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-09-09 22:13:00 ----D---- C:\Users\PoLo\AppData\Roaming\Skype
2010-09-09 19:59:25 ----D---- C:\Users\PoLo\AppData\Roaming\skypePM
2010-09-06 16:03:24 ----RSD---- C:\Windows\assembly
2010-09-05 21:41:42 ----D---- C:\Windows\SysWOW64
2010-09-05 21:22:07 ----SD---- C:\Users\PoLo\AppData\Roaming\Microsoft
2010-09-03 12:29:45 ----D---- C:\Program Files (x86)\CCleaner
2010-09-02 17:39:21 ----D---- C:\Program Files (x86)\Common Files
2010-08-30 17:33:59 ----D---- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2010-08-30 17:14:23 ----D---- C:\ProgramData\Blizzard Entertainment
2010-08-29 12:52:32 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2010-08-29 12:41:10 ----D---- C:\Program Files (x86)\uTorrent
2010-08-28 21:05:51 ----RSD---- C:\Windows\Fonts
2010-08-27 21:17:15 ----D---- C:\Program Files (x86)\TuneUp Utilities 2010
2010-08-27 14:56:42 ----A---- C:\Windows\SysWOW64\authuitu.dll
2010-08-27 14:56:30 ----A---- C:\Windows\SysWOW64\uxtuneup.dll
2010-08-25 10:15:41 ----D---- C:\Windows\winsxs
2010-08-25 09:58:23 ----D---- C:\Windows\AppPatch
2010-08-21 23:30:09 ----RD---- C:\Program Files
2010-08-21 16:48:14 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2010-08-14 21:20:35 ----D---- C:\Windows\debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys []
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys []
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys []
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-24 11856]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
S3 akf87pw8;akf87pw8; C:\Windows\SysWOW64\drivers\akf87pw8.sys []
S3 cpuz130;cpuz130; \??\C:\Users\PoLo\AppData\Local\Temp\cpuz130\cpuz_x64.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\ZLO\Garena\plugins\UI\safedrv.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17424]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-08-27 1403200]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-05-06 357456]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TuneUp.Defrag;@C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-08-27 607040]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------


Mbam:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4602

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.9.2010 22:22:33
mbam-log-2010-09-12 (22-22-33).txt

Scan type: Full scan (C:\|)
Objects scanned: 233027
Time elapsed: 31 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
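Added example, not part of the original post and not RSIT code. The Registry dump section of the RSIT log above prints the UAC, AutoRun and SecurityProviders values raw, and the reviewer has to know what the numbers mean. The script below parses that section (the blocks it reads are copied from the log above and embedded as sample input, alongside a constructed hardened variant for comparison) and lists the settings that weaken the machine. The expected-value table, the HKLM-over-HKCU precedence for the AutoRun mask and the list of security provider DLLs considered normal are the example's own assumptions.

```python
"""Audit the policy values in the "Registry dump" section of an RSIT log.

Added example, not part of the original post and not RSIT code: parses the
[HKEY_...] blocks and "name"=value lines RSIT prints, then evaluates the UAC,
AutoRun and SecurityProviders settings a reviewer checks in the log above.
"""
from __future__ import annotations
import re

# Copied from the RSIT log above (only the blocks and values the checks read).
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"PromptOnSecureDesktop"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"""

# Constructed counter-example (not from the log): what a hardened box prints.
HARDENED_DUMP = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=2
"EnableLUA"=1
"PromptOnSecureDesktop"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"""

SECTION_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')

UAC_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
AUTORUN_KEYS = (  # assumed order: machine policy wins over the per-user value
    r"hkey_local_machine\software\microsoft\windows\currentversion\policies\explorer",
    r"hkey_current_user\software\microsoft\windows\currentversion\policies\explorer",
)
SSP_KEY = r"hkey_local_machine\system\currentcontrolset\control\securityproviders"
# Assumed baseline of provider DLLs a clean Windows 7 install lists. Anything
# else here is a DLL lsass.exe loads at boot, which is why the value is read.
KNOWN_SSPS = {"credssp.dll", "pwdssp.dll"}
# Drive-type bits of NoDriveTypeAutoRun; a set bit disables AutoRun for that type.
AUTORUN_BITS = {0x04: "removable", 0x08: "fixed", 0x10: "network", 0x20: "CD-ROM", 0x40: "RAM disk"}
DEFAULT_AUTORUN_MASK = 0x91  # what Windows 7 uses when no policy value is set


def parse_dump(text: str) -> dict[str, dict[str, str]]:
    """Map each registry key (lower-cased) to its name -> value pairs."""
    keys: dict[str, dict[str, str]] = {}
    current: dict[str, str] | None = None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION_RE.match(line):
            current = keys.setdefault(m["key"].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m["name"].lower()] = m["value"].strip()
    return keys


def autorun_allowed(mask: int) -> list[str]:
    """Drive types on which autorun.inf is still honoured under this mask."""
    return [label for bit, label in AUTORUN_BITS.items() if not mask & bit]


def audit(keys: dict[str, dict[str, str]]) -> list[str]:
    issues: list[str] = []
    sys_pol = keys.get(UAC_KEY, {})
    for name, bad, why in (
        ("enablelua", "0", "UAC is off; everything an administrator runs is fully elevated"),
        ("consentpromptbehavioradmin", "0", "administrators are elevated silently, with no consent prompt"),
        ("promptonsecuredesktop", "0", "elevation prompts appear on the normal desktop, where other processes can interact with them"),
    ):
        if sys_pol.get(name) == bad:
            issues.append(f"{name}={bad}: {why}")

    mask = DEFAULT_AUTORUN_MASK
    for key in AUTORUN_KEYS:
        if "nodrivetypeautorun" in keys.get(key, {}):
            mask = int(keys[key]["nodrivetypeautorun"])
            break
    if allowed := autorun_allowed(mask):
        issues.append(f"NoDriveTypeAutoRun=0x{mask:02X}: autorun.inf still honoured on {', '.join(allowed)} drives")

    ssps = keys.get(SSP_KEY, {}).get("securityproviders", "")
    for dll in filter(None, re.split(r"[,\s]+", ssps)):
        if dll.lower() not in KNOWN_SSPS:
            issues.append(f"unexpected SecurityProviders entry {dll}: loaded into lsass.exe at boot")
    return issues


if __name__ == "__main__":
    for issue in audit(parse_dump(SAMPLE_DUMP)):
        print("-", issue)
```

Run against the log above it reports four things: EnableLUA=0 (UAC is switched off, so anything this administrator account runs starts with full rights), ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0 (moot while UAC is off, but they would keep it weak if it were turned back on), and NoDriveTypeAutoRun=0x91, which is the Windows 7 default and, as far as this policy value is concerned, still honours autorun.inf on removable, fixed and optical media. The SecurityProviders value is clean here; it is checked because a DLL added there is loaded into lsass.exe at every boot and sees credentials.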


Re: Request for log check - viruses

Post by bledulka » 12 Sep 2010 22:40

Do you know this folder?
C:\AllokRMFolder

I would then change all passwords, to be on the safe side.



Download OTL
http://oldtimer.geekstogo.com/OTL.exe
- paste this script into the bottom box:

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c

- tick the box on the "For all users" line
- leave the other items as set in the screenshot
- confirm with the Scan button
- the scan will run; paste the OTL.Txt log here

[Image: OTL settings screenshot]

jakubpolo (Level 2.5, 258 posts, registered June 10, male, offline)

Re: Request for a log check - viruses

Post by jakubpolo » 12 Sep 2010 23:00

OTL logfile created on: 12.9.2010 22:56:24 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\PoLo\Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 191,51 Gb Free Space | 82,23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STOLNÍ
Current User Name: PoLo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.09.12 22:55:03 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\PoLo\Downloads\OTL.exe
PRC - [2010.09.03 02:58:56 | 000,975,928 | ---- | M] (Google Inc.) -- C:\Users\PoLo\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010.04.29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009.10.21 23:06:48 | 000,694,368 | ---- | M] ( ) -- C:\Users\PoLo\My Documents\Miranda IM\miranda32.exe


========== Modules (SafeList) ==========

MOD - [2010.09.12 22:55:03 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\PoLo\Downloads\OTL.exe
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.08.27 14:56:38 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010.05.06 11:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010.03.25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010.02.11 07:29:30 | 000,952,320 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2010.01.21 18:13:58 | 051,445,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV:64bit: - [2010.01.09 20:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.08.27 21:17:15 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.08.27 15:01:22 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.08.27 14:56:30 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.08.29 12:55:52 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.08.29 12:55:51 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.07.26 21:54:07 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.06.23 17:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.03.18 11:00:40 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010.03.18 11:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010.03.18 11:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010.02.11 09:42:54 | 005,352,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010.02.24 14:41:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========







IE - HKU\S-1-5-21-3215773759-1141924191-89271744-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 7F 26 20 FE 2C CB 01 [binary data]
IE - HKU\S-1-5-21-3215773759-1141924191-89271744-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010.07.28 18:09:37 | 000,000,915 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.langsoft.cz
O1 - Hosts: 127.0.0.1 iws.intranet.cz
O1 - Hosts: 127.0.0.1 www.pctranslator.cz
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3215773759-1141924191-89271744-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b890368a-98ef-11df-9a34-0019db22a42c}\Shell - "" = AutoRun
O33 - MountPoints2\{b890368a-98ef-11df-9a34-0019db22a42c}\Shell\AutoRun\command - "" = E:\autoplay.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 7 Days ==========

[2010.09.12 21:50:08 | 000,000,000 | ---D | C] -- C:\Users\PoLo\AppData\Roaming\Malwarebytes
[2010.09.12 21:50:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.09.12 21:49:59 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.09.12 21:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.09.12 21:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.12 21:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010.09.12 21:48:33 | 000,000,000 | ---D | C] -- C:\rsit
[2010.09.12 20:07:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiJackThis
[2010.09.11 15:13:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2010.09.10 19:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\MetaQuotes
[2010.09.10 19:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\MetaTrader 5
[2010.09.10 17:27:02 | 000,000,000 | ---D | C] -- C:\PFiles
[2010.09.10 16:13:46 | 000,000,000 | ---D | C] -- C:\Users\PoLo\AppData\Roaming\Saxo Bank
[2010.09.10 16:13:11 | 000,000,000 | ---D | C] -- C:\Users\PoLo\AppData\Local\Saxo Bank
[2010.09.10 16:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Saxo Bank
[2010.09.10 16:12:37 | 000,000,000 | ---D | C] -- C:\Windows\024D66E9D50C44A792B42DFDDD95D228.TMP
[2010.09.10 13:29:50 | 000,000,000 | ---D | C] -- C:\Users\PoLo\Documents\Saves
[2010.09.09 11:43:46 | 000,000,000 | ---D | C] -- C:\Users\PoLo\Documents\Outlook Files
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.09.12 22:56:56 | 001,572,864 | ---- | M] () -- C:\Users\PoLo\ntuser.dat
[2010.09.12 22:32:00 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3215773759-1141924191-89271744-1001UA.job
[2010.09.12 22:32:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3215773759-1141924191-89271744-1001Core.job
[2010.09.12 21:50:04 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.12 20:11:31 | 000,016,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.12 20:11:31 | 000,016,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.12 20:10:31 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.09.12 20:10:31 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.09.12 20:10:31 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.09.12 20:07:35 | 000,002,993 | ---- | M] () -- C:\Users\PoLo\Desktop\HiJackThis.lnk
[2010.09.12 20:04:18 | 000,524,288 | -HS- | M] () -- C:\Users\PoLo\ntuser.dat{d6368a25-be37-11df-95db-0019db22a42c}.TMContainer00000000000000000002.regtrans-ms
[2010.09.12 20:04:18 | 000,524,288 | -HS- | M] () -- C:\Users\PoLo\ntuser.dat{d6368a25-be37-11df-95db-0019db22a42c}.TMContainer00000000000000000001.regtrans-ms
[2010.09.12 20:04:18 | 000,065,536 | -HS- | M] () -- C:\Users\PoLo\ntuser.dat{d6368a25-be37-11df-95db-0019db22a42c}.TM.blf
[2010.09.12 20:04:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.12 20:04:08 | 000,415,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.09.12 20:04:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.12 20:02:04 | 003,555,859 | -H-- | M] () -- C:\Users\PoLo\AppData\Local\IconCache.db
[2010.09.12 14:29:41 | 000,105,378 | ---- | M] () -- C:\Users\PoLo\Documents\P1AVG.xlsx
[2010.09.11 19:20:44 | 005,970,502 | ---- | M] () -- C:\Users\PoLo\Desktop\Obchodní Denník.xlsx
[2010.09.10 20:16:23 | 000,059,285 | ---- | M] () -- C:\Users\PoLo\Documents\FOND.xlsx
[2010.09.10 16:13:12 | 000,109,208 | ---- | M] () -- C:\Users\PoLo\AppData\Local\GDIPFONTCACHEV1.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.09.12 21:50:04 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.12 20:07:35 | 000,002,993 | ---- | C] () -- C:\Users\PoLo\Desktop\HiJackThis.lnk
[2010.09.12 20:04:18 | 000,524,288 | -HS- | C] () -- C:\Users\PoLo\ntuser.dat{d6368a25-be37-11df-95db-0019db22a42c}.TMContainer00000000000000000002.regtrans-ms
[2010.09.12 20:04:18 | 000,524,288 | -HS- | C] () -- C:\Users\PoLo\ntuser.dat{d6368a25-be37-11df-95db-0019db22a42c}.TMContainer00000000000000000001.regtrans-ms
[2010.09.12 20:04:18 | 000,065,536 | -HS- | C] () -- C:\Users\PoLo\ntuser.dat{d6368a25-be37-11df-95db-0019db22a42c}.TM.blf
[2010.09.11 13:50:24 | 005,970,502 | ---- | C] () -- C:\Users\PoLo\Desktop\Obchodní Denník.xlsx
[2010.08.14 10:40:44 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010.08.14 10:40:44 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010.08.14 10:40:44 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010.07.28 14:52:50 | 000,022,782 | ---- | C] () -- C:\Users\PoLo\AppData\Roaming\SLOVA.WAV
[2010.07.28 14:52:50 | 000,022,382 | ---- | C] () -- C:\Users\PoLo\AppData\Roaming\TMP.WAV
[2010.07.28 14:51:43 | 000,000,053 | ---- | C] () -- C:\Windows\WTRDCTM.INI
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[1997.06.14 03:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< c:\windows\*.* /U >
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]


< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
< End of report >


I'm not sure about that folder, should I delete it? There's some video inside that I definitely don't need.
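The OTL log above carries the points a reviewer looks at first: the O6 policy lines show EnableLUA = 0, ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0 (UAC switched off entirely on an account OTL reports as "Logged in as Administrator", so anything the user launches already runs with full rights), the O1 hosts entries point vendor domains at 127.0.0.1, several O4/O18/O21/O33 entries reference files that no longer exist, and the "< MD5 for: >" blocks list every copy of a system file so that a patched copy stands out by a differing hash. The script below is an added example for this thread, not part of OTL or of any post: it parses those line formats and prints findings. Its sample input copies lines from the log above and adds two constructed atapi.sys lines with made-up hashes (labelled in the code) so the MD5 check has something to flag; the WEAK_UAC table, the finding labels and the path-to-architecture heuristic are this example's own choices.

```python
"""Triage a pasted OTL log for the items a helper checks first.

Added example for this thread; it is not part of OTL or of any post
above. Line formats follow what OTL printed in the log above; the
finding labels, the WEAK_UAC table and the path-to-architecture
heuristic are this example's own choices.
"""
import re
from collections import defaultdict

# UAC policy values (O6 lines) that, at the value shown, disable UAC.
# The log above shows all three set this way.
WEAK_UAC = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0",
            "PromptOnSecureDesktop": "0"}

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
POLICY_RE = re.compile(r"^O6 - .*\\policies\\System: (\w+) = (\S+)$")
MISSING_RE = re.compile(r"^O\d+(?::64bit:)? - .*File not found")
MD5_HDR_RE = re.compile(r"^< MD5 for: (\S+) >$")
MD5_RE = re.compile(r"MD5=([0-9A-Fa-f]+) -- (.+)$")


def arch_of(path):
    """Map an OTL file path to the architecture of that copy (heuristic)."""
    p = path.lower()
    if "\\winsxs\\amd64_" in p or "\\sysnative\\" in p or "\\system32\\" in p:
        return "amd64"
    if "\\winsxs\\x86_" in p or "\\winsxs\\wow64_" in p or "\\syswow64\\" in p:
        return "x86"
    return "unknown"


def triage(text):
    """Return a list of (kind, detail) findings for the OTL text given."""
    findings = []
    hashes = defaultdict(set)   # (file name, arch) -> MD5s seen for it
    current = None              # file name of the open "< MD5 for: >" block
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = MD5_HDR_RE.match(line)
        if m:
            current = m.group(1).lower()
            continue
        m = MD5_RE.search(line)
        if m and current:
            hashes[(current, arch_of(m.group(2)))].add(m.group(1).upper())
            continue
        m = HOSTS_RE.match(line)
        if m and m.group(1) in ("127.0.0.1", "0.0.0.0", "::1") and m.group(2) != "localhost":
            findings.append(("hosts-override", m.group(2)))
            continue
        m = POLICY_RE.match(line)
        if m and WEAK_UAC.get(m.group(1)) == m.group(2):
            findings.append(("uac-disabled", f"{m.group(1)}={m.group(2)}"))
            continue
        if MISSING_RE.match(line):
            findings.append(("orphaned-entry", line))
    # All copies of one file for one architecture should hash the same
    # (the SysWOW64 copy is the winsxs wow64/x86 copy). A differing hash
    # is what the /md5start list in the helper's script is looking for:
    # a patched system file.
    for (name, arch), seen in sorted(hashes.items()):
        if len(seen) > 1:
            findings.append(("md5-mismatch", f"{name} ({arch}): " + ", ".join(sorted(seen))))
    return findings


# Sample input: lines copied from the OTL log above, plus two CONSTRUCTED
# atapi.sys lines (fake hashes, fake winsxs directory name) that do not
# come from this thread, so the MD5 check has something to flag.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 www.langsoft.cz
O1 - Hosts: 127.0.0.1 www.pctranslator.cz
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe File not found
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O33 - MountPoints2\{b890368a-98ef-11df-9a34-0019db22a42c}\Shell\AutoRun\command - "" = E:\autoplay.exe -- File not found
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: ATAPI.SYS >
[2010.01.01 00:00:00 | 000,024,128 | ---- | M] () MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\Windows\winsxs\amd64_constructed-example\atapi.sys
"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:16} {detail}")
```

On the real log above the cngaudit.dll, netlogon.dll and scecli.dll blocks are consistent per architecture (the x86 hash differs from the amd64 hash by design, which is why the grouping by architecture matters); the only md5-mismatch the script reports comes from the constructed atapi.sys lines.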

bledulka (Level 5, 2242 posts, registered August 09, female, offline)

Re: Request for a log check - viruses

Post by bledulka » 13 Sep 2010 10:08

I'll delete it :D

Do you know these files?
C:\Users\PoLo\AppData\Roaming\SLOVA.WAV
C:\Users\PoLo\AppData\Roaming\TMP.WAV



Run OTL
- copy this into the white box at the bottom:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O33 - MountPoints2\{b890368a-98ef-11df-9a34-0019db22a42c}\Shell\AutoRun\command - "" = E:\autoplay.exe -- File not found

:files
C:\AllokRMFolder
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s

:COMMANDS
[emptytemp]
[EMPTYFLASH]
[reboot]

- click the Fix button.
- paste the log here

jakubpolo (Level 2.5, 258 posts, registered June 10, male, offline)

Re: Request for a log check - viruses

Post by jakubpolo » 13 Sep 2010 14:42

Log after restarting the PC following the deletion:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b890368a-98ef-11df-9a34-0019db22a42c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b890368a-98ef-11df-9a34-0019db22a42c}\ not found.
File E:\autoplay.exe not found.
========== FILES ==========
C:\AllokRMFolder folder moved successfully.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\024D66E9D50C44A792B42DFDDD95D228.TMP folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD7C3.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPF7A6.tmp folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: PoLo
->Temp folder emptied: 292222 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 29182005 bytes
->Google Chrome cache emptied: 6796103 bytes
->Flash cache emptied: 22459 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 603760 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 35,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: PoLo
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.12.0 log created on 09132010_142938

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP00000007F8FB538B3E436E0C not found!

Registry entries deleted on Reboot...


I don't know the files you mentioned.

On C:/ the following folders have been created / have been there for a while:
_OTL
PerfLogs
PFiles
rsit

Some of them were probably created by the programs I'm using to repair the PC - should I leave them all?

Also, a file LOGFILE.txt keeps appearing, containing only this:
T1

T2

T2

T3

T4

T5

T6

T7

T8

T9

T10

T11

T12

T13

T14


I delete it from time to time; the longer I leave it there, the more of those T's there are. It doesn't bother me at all, it's only 1 KB, I'm just reporting that it appears there.

Otherwise I normally use the PC with Windows 7 Prof. English for ordinary web surfing, occasionally some games, trading programs, Miranda and almost nothing else, so if there is anything unnecessary there, feel free to advise me whether, how and what to remove further :-)

The folder C:\AllokRMFolder disappeared successfully after running the program :-)
For completeness, here is everything my antivirus did yesterday:
1)Category: Trojan Downloader

Description: This program is dangerous and downloads other programs.

Recommendation: Remove this software immediately.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
containerfile:C:\Users\PoLo\Downloads\Dinner for Schmucks[2010]DvDrip[Eng]-FXG\Dinner for Schmucks[2010]DvDrip[Eng]-FXG.avi
file:C:\Users\PoLo\Downloads\Dinner for Schmucks[2010]DvDrip[Eng]-FXG\Dinner for Schmucks[2010]DvDrip[Eng]-FXG.avi->(ASF_Script_Commands)

Get more information about this item online.

2)Category: Trojan Downloader

Description: This program is dangerous and downloads other programs.

Recommendation: Remove this software immediately.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
file:C:\Users\PoLo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B33W5OTP\vvqkfy[1].htm
file:C:\Users\PoLo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCYKFWTX\vvqkfy[1].htm
file:C:\Users\PoLo\AppData\Local\Temp\qphc.exe

Get more information about this item online.

3)Category: Trojan Downloader

Description: This program is dangerous and downloads other programs.

Recommendation: Remove this software immediately.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
containerfile:C:\Users\PoLo\AppData\Local\Temp\Free.Movie.License4.exe
file:C:\Users\PoLo\AppData\Local\Temp\Free.Movie.License4.exe->(UPX)

Get more information about this item online.

4)Category: Tool

Description: This program is used to create viruses, worms or other malware.

Recommendation: Remove this software immediately.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
file:C:\Users\PoLo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B33W5OTP\hytniqkszx[1].htm
file:C:\Users\PoLo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCYKFWTX\hytniqkszx[1].htm
file:C:\Users\PoLo\AppData\Local\Temp\voujl.exe

Get more information about this item online.

5)Category: Password Stealer

Description: This program is dangerous and captures user passwords.

Recommendation: Remove this software immediately.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
file:C:\Windows\pss\svchost.exe.Startup

Get more information about this item online.


The day before:
Microsoft Security Essentials encountered the following error: Error code 0x80070005. Access is denied.

Category: Tool

Description: This program has potentially unwanted behavior.

Recommendation: Permit this detected item only if you trust the program or the software publisher.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
file:E:\steambackup.exe

Get more information about this item online.


All the viruses removed yesterday and on the days before have a severity of "Severe"; the one from the day before that is medium.

Jakub

bledulka
Level 5
Posts: 2242
Registered: Aug 09
Gender: Female

Re: Requesting a log check - viruses

Post by bledulka » 13 Sep 2010 15:31

Also test these files at www.virustotal.com
C:\Users\PoLo\AppData\Roaming\SLOVA.WAV
C:\Users\PoLo\AppData\Roaming\TMP.WAV

- Paste the path to the file into the box; if it says the file has already been tested, have it tested again.
- Post the link with the results here.

Please post a new log from RSIT. We'll delete those files in a moment.
Is the antivirus no longer reporting anything and is the computer behaving well?

jakubpolo
Level 2.5
Posts: 258
Registered: Jun 10
Gender: Male

Re: Requesting a log check - viruses

Post by jakubpolo » 13 Sep 2010 16:42

http://www.virustotal.com/file-scan/rep ... 1284388569
http://www.virustotal.com/file-scan/rep ... 1284388787

In any case, I don't know those files, and I think they weren't there until recently.


Logfile of random's system information tool 1.08 (written by random/random)
Run by PoLo at 2010-09-13 16:41:16
Microsoft Windows 7 Professional
System drive C: has 196 GB (82%) free of 238 GB
Total RAM: 3071 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:41:24, on 13.9.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Users\PoLo\Documents\Miranda IM\miranda32.exe
C:\Users\PoLo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PoLo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PoLo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PoLo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PoLo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PoLo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PoLo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PoLo\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\PoLo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6073 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3215773759-1141924191-89271744-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3215773759-1141924191-89271744-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-01-16 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-07-26 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-09-13 14:29:38 ----D---- C:\_OTL
2010-09-12 21:50:08 ----D---- C:\Users\PoLo\AppData\Roaming\Malwarebytes
2010-09-12 21:50:01 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
2010-09-12 21:49:59 ----D---- C:\ProgramData\Malwarebytes
2010-09-12 21:49:59 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-09-12 21:48:33 ----D---- C:\rsit
2010-09-12 21:48:33 ----D---- C:\Program Files (x86)\trend micro
2010-09-12 20:07:33 ----D---- C:\Program Files (x86)\HiJackThis
2010-09-12 01:46:45 ----A---- C:\LOGFILE.TXT
2010-09-11 15:13:50 ----D---- C:\Program Files (x86)\JDownloader
2010-09-10 19:07:45 ----D---- C:\ProgramData\MetaQuotes
2010-09-10 17:27:02 ----D---- C:\PFiles
2010-09-10 16:13:46 ----D---- C:\Users\PoLo\AppData\Roaming\Saxo Bank
2010-09-10 16:12:54 ----D---- C:\Program Files (x86)\Saxo Bank
2010-09-05 21:23:26 ----D---- C:\Program Files (x86)\Free MOV to AVI Converter
2010-09-02 18:20:31 ----RHD---- C:\Users\PoLo\AppData\Roaming\SecuROM
2010-09-02 18:20:30 ----A---- C:\Windows\SysWOW64\CmdLineExt_x64.dll
2010-09-02 18:20:15 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll
2010-09-02 18:20:15 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll
2010-09-02 18:20:15 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll
2010-09-02 18:20:14 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll
2010-09-02 18:20:14 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll
2010-09-02 18:20:13 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll
2010-09-02 18:20:13 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll
2010-09-02 18:20:13 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll
2010-09-02 18:20:12 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll
2010-09-02 18:20:12 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll
2010-09-02 18:20:11 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll
2010-09-02 18:20:11 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll
2010-09-02 18:20:10 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll
2010-09-02 18:19:17 ----A---- C:\Windows\SysWOW64\wrap_oal.dll
2010-09-02 18:19:17 ----A---- C:\Windows\SysWOW64\OpenAL32.dll
2010-09-02 17:54:10 ----D---- C:\Program Files (x86)\Deep Silver
2010-09-02 17:39:28 ----D---- C:\Windows\SysWOW64\AGEIA
2010-09-02 17:39:27 ----D---- C:\Program Files (x86)\AGEIA Technologies
2010-09-02 17:39:21 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-08-30 17:41:16 ----D---- C:\EA GAMES
2010-08-29 13:03:40 ----D---- C:\ProgramData\Gecko Software
2010-08-29 12:51:37 ----D---- C:\Windows\Downloaded Installations
2010-08-28 21:05:28 ----D---- C:\Program Files (x86)\Microsoft Games
2010-08-28 14:22:37 ----D---- C:\Program Files (x86)\Ascaron Entertainment
2010-08-27 18:29:59 ----D---- C:\Users\PoLo\AppData\Roaming\Ascaron Entertainment
2010-08-25 09:57:37 ----A---- C:\Windows\SysWOW64\oleaut32.dll
2010-08-24 13:48:17 ----D---- C:\ZLO
2010-08-21 23:03:46 ----D---- C:\ProgramData\Trymedia
2010-08-19 09:53:07 ----D---- C:\Program Files (x86)\Diablo II
2010-08-18 19:36:53 ----D---- C:\Program Files (x86)\Plus500
2010-08-18 11:49:01 ----D---- C:\Program Files (x86)\Hero Editor
2010-08-18 11:48:58 ----N---- C:\Windows\Setup1.exe
2010-08-18 11:48:57 ----A---- C:\Windows\ST6UNST.EXE
2010-08-17 16:07:44 ----D---- C:\Windows\Minidump
2010-08-15 21:28:34 ----D---- C:\Windows\Sun
2010-08-14 21:18:35 ----D---- C:\Users\PoLo\AppData\Roaming\AoboBlocker
2010-08-14 21:14:14 ----D---- C:\Program Files (x86)\MpSoft
2010-08-14 10:40:44 ----AT---- C:\Windows\SysWOW64\SIntfNT.dll
2010-08-14 10:40:44 ----AT---- C:\Windows\SysWOW64\SIntf32.dll
2010-08-14 10:40:44 ----AT---- C:\Windows\SysWOW64\SIntf16.dll

======List of files/folders modified in the last 1 months======

2010-09-13 16:39:04 ----D---- C:\Windows\Temp
2010-09-13 16:29:06 ----D---- C:\Windows\System32
2010-09-13 16:29:06 ----D---- C:\Windows\inf
2010-09-13 16:23:22 ----D---- C:\Windows
2010-09-13 14:41:48 ----D---- C:\Windows\Prefetch
2010-09-12 22:15:05 ----D---- C:\Windows\pss
2010-09-12 21:50:01 ----D---- C:\Windows\SysWOW64\drivers
2010-09-12 21:49:59 ----RD---- C:\Program Files (x86)
2010-09-12 21:49:59 ----HD---- C:\ProgramData
2010-09-12 20:15:54 ----D---- C:\Users\PoLo\AppData\Roaming\uTorrent
2010-09-12 20:14:43 ----SHD---- C:\System Volume Information
2010-09-12 20:07:36 ----SHD---- C:\Windows\Installer
2010-09-12 20:03:54 ----D---- C:\Windows\Tasks
2010-09-12 20:03:31 ----D---- C:\Windows\SysWOW64\Macromed
2010-09-12 20:03:28 ----D---- C:\Windows\AppCompat
2010-09-12 20:03:28 ----D---- C:\Users\PoLo\AppData\Roaming\LangSoft
2010-09-12 20:03:28 ----D---- C:\ProgramData\Microsoft Help
2010-09-12 20:03:25 ----D---- C:\Windows\registration
2010-09-10 13:36:59 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-09-09 22:13:00 ----D---- C:\Users\PoLo\AppData\Roaming\Skype
2010-09-09 19:59:25 ----D---- C:\Users\PoLo\AppData\Roaming\skypePM
2010-09-06 16:03:24 ----RSD---- C:\Windows\assembly
2010-09-05 21:41:42 ----D---- C:\Windows\SysWOW64
2010-09-05 21:22:07 ----SD---- C:\Users\PoLo\AppData\Roaming\Microsoft
2010-09-03 12:29:45 ----D---- C:\Program Files (x86)\CCleaner
2010-09-02 17:39:21 ----D---- C:\Program Files (x86)\Common Files
2010-08-30 17:33:59 ----D---- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2010-08-30 17:14:23 ----D---- C:\ProgramData\Blizzard Entertainment
2010-08-29 12:52:32 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2010-08-29 12:41:10 ----D---- C:\Program Files (x86)\uTorrent
2010-08-28 21:05:51 ----RSD---- C:\Windows\Fonts
2010-08-27 21:17:15 ----D---- C:\Program Files (x86)\TuneUp Utilities 2010
2010-08-27 14:56:42 ----A---- C:\Windows\SysWOW64\authuitu.dll
2010-08-27 14:56:30 ----A---- C:\Windows\SysWOW64\uxtuneup.dll
2010-08-25 10:15:41 ----D---- C:\Windows\winsxs
2010-08-25 09:58:23 ----D---- C:\Windows\AppPatch
2010-08-21 23:30:09 ----RD---- C:\Program Files
2010-08-21 16:48:14 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2010-08-14 21:20:35 ----D---- C:\Windows\debug
2010-08-14 00:09:24 ----D---- C:\ProgramData\PopCap Games

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys []
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys []
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys []
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-24 11856]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
S3 a2g3gtgj;a2g3gtgj; C:\Windows\SysWOW64\drivers\a2g3gtgj.sys []
S3 cpuz130;cpuz130; \??\C:\Users\PoLo\AppData\Local\Temp\cpuz130\cpuz_x64.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\ZLO\Garena\plugins\UI\safedrv.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17424]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-08-27 1403200]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-05-06 357456]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TuneUp.Defrag;@C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-08-27 607040]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------

The antivirus isn't reporting anything anymore, but I've only been on the computer for about an hour in total today.

bledulka
Level 5
Posts: 2242
Registered: Aug 09
Gender: Female

Re: Requesting a log check - viruses

Post by bledulka » 13 Sep 2010 16:46

You probably know this folder :D
C:\ZLO

So put those two unknown files into a zip or rar and save it somewhere aside. Then delete them; if some program needs them, you restore them from the rar.

Open OTL again and click the Cleanup button; it will clean up after itself.

And now tell me which files are still left there.

