Číňan a nemám přístup k vytváření na C: LOG +

[ondoubek]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:39:55, on 27.12.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Users\ondra\Documents\CoreTemp32\Core Temp.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Windows\PixArt\i-Look110\Monitor.exe
C:\Program Files\EXPERTool\TBPANEL.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Connectify\Connectify.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\ondra\Downloads\hijackthis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: WinToFlash Suggestor - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s
O4 - HKLM\..\Run: [PAC207_Monitor] C:\Windows\PixArt\i-Look110\Monitor.exe
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [HotSwap! Applet] "C:\Users\ondra\Documents\HotSwap! 5.0.0.0\32bit\HotSwap!.EXE"
O4 - HKCU\..\Run: [Connectify] C:\Program Files\Connectify\Connectify.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe
O9 - Extra button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll
O9 - Extra 'Tools' menuitem: WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: AODService - Unknown owner - C:\Program Files\AMD\OverDrive\AODAssist.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: Connectify - Unknown owner - C:\Program Files\Connectify\ConnectifyService.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RalinkRegistryWriter - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RaRegistry.exe
O23 - Service: RaMediaServer - Unknown owner - C:\Program Files\Ralink\Common\RaMediaServer.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: webcam 7 Service (w7Svc) - Moonware Studios - C:\Program Files\webcam 7\wService.exe

--
End of file - 8659 bytes

[Reklama]

[Damned]

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti: Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko Konec.
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje a poté kliknutím na OK spusť program
- nech vybranou možnost Rychlá kontrola a klikni na tlačítko Prohledat

Bude-li nalezen problém:
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost Uložit protokol a ulož si log na Plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
- výsledný log mi sem zkopíruj
(zatím nic nemaž!).

Nebude-li nalezen problém:
- Klikni na tlačítko "OK" a sděl mi to

[ondoubek]

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.12.21.08

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
ondra :: ONDRA-PC [administrátor]

27.12.2012 19:40:49
mbam-log-2012-12-27 (20-52-29).txt

Typ: Úplná kontrola (C:\|D:\|E:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 431544
Uplynulý čas: 1 hodin, 11 minut, 21 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 15
C:\Users\ondra\Desktop\Programy na správu WiFi\WirelessNetView\WirelessNetView.exe (PUP.WirelessNetworkTool) -> Žádná instrukce nebyla provedena.
C:\Users\ondra\Documents\Programování\Lerain\Lerain-DOS\Lerain 1.0.1\cs\nabidky.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.
C:\Users\ondra\Documents\Programování\Lerain\Lerain-DOS\Lerain 1.0.1\cs\profily.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.
D:\MOS\Start.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.
D:\MOS\cs\AUTOEXEC.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.
D:\MOS\cs\hernimenu.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.
D:\MOS\cs\home.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.
D:\MOS\cs\LOGIN.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.
D:\MOS\cs\login1.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.
D:\MOS\cs\nabidky.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.
D:\MOS\cs\nastaveni.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.
D:\MOS\cs\profily.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.
D:\MOS\cs\regis.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.
D:\MOS\cs\register.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.
D:\MOS\cs\zmenit-heslo.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.

(konec)

[Damned]

Spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Konec
*****************************************************************************************************************************
Vypni rezidentní štít antiviru.
Stáhni si ComboFix (by sUBs) nebo ComboFix (subs) a ulož si ho na Plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[ondoubek]

Rychlá kontrola bez nálezu.Mám jít na ten combofix?

[ondoubek]

Btw: Ty soubory co označil za trojany jsem sám programoval,takže možná bug?
Wireless net view je program na ukázaní straceného wlan hesla.

[Damned]

I ten Lerain je tvůj?
Ten WirelessNetView.exe můžeš tedy zkontrolovat na http://www.virustotal.com. Vlož mi sem výsledek kontroly.
Pak by se udělal ComboFix.

[ondoubek]

Lerain programuju s madarou.Pomáhám mu s tím a konvertuju do EXáčů.

[ondoubek]

výsledky:
Antivirus Result Update
Agnitum - 20121227
AhnLab-V3 - 20121227
AntiVir - 20121227
Antiy-AVL - 20121227
Avast Win32:PSWtool-AP [PUP] 20121227
AVG HackTool.SUK 20121227
BitDefender - 20121227
ByteHero - 20121226
CAT-QuickHeal - 20121227
ClamAV - 20121227
Commtouch - 20121227
Comodo Application.Win32.WirelessNetView.A 20121227
DrWeb - 20121227
Emsisoft Riskware.Win32.WirelessNetView.AMN (A) 20121227
eSafe - 20121226
ESET-NOD32 probably a variant of Win32/PSWTool.WirelessNetView.A 20121227
F-Prot - 20121227
F-Secure - 20121227
Fortinet - 20121227
GData - 20121227
Ikarus - 20121227
Jiangmin - 20121221
K7AntiVirus - 20121227
Kaspersky - 20121227
Kingsoft - 20121225
Malwarebytes PUP.WirelessNetworkTool 20121227
McAfee - 20121227
McAfee-GW-Edition - 20121227
Microsoft - 20121227
MicroWorld-eScan Win32/PSWTool.WirelessNetView.A (ES) 20121227
NANO-Antivirus - 20121227
Norman - 20121227
nProtect - 20121227
Panda - 20121227
PCTools - 20121227
Rising - 20121227
Sophos - 20121227
SUPERAntiSpyware - 20121227
Symantec - 20121227
TheHacker Posible_Worm32 20121227
TotalDefense - 20121227
TrendMicro - 20121227
TrendMicro-HouseCall - 20121227
VBA32 - 20121226
VIPRE - 20121227
ViRobot - 20121227

[Damned]

To je ten originál od NirSoft?
http://www.nirsoft.net/utils/wireless_network_view.html
Pokud ne, tak toto smaž.

Uděláme Combofix a pak si tam dáš originál od NirSoft.

[ondoubek]

ComboFix 12-12-27.03 - ondra 27.12.2012 21:29:33.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3326.2063 [GMT 1:00]
Spuštěný z: c:\users\ondra\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-27 do 2012-12-27 )))))))))))))))))))))))))))))))
.
.
2012-12-27 20:51 . 2012-12-27 20:53 -------- d-----w- c:\users\ondra\AppData\Local\temp
2012-12-27 20:51 . 2012-12-27 20:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-27 18:20 . 2012-12-27 18:20 -------- d-----w- c:\program files\Nová složka
2012-12-25 12:20 . 2012-12-25 12:20 -------- d-----w- c:\users\ondra\AppData\Roaming\JAM Software
2012-12-25 12:20 . 2012-12-25 12:20 -------- d-----w- c:\program files\JAM Software
2012-12-23 20:43 . 2012-11-19 00:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FFA66FAD-0E2B-4884-991A-B3C5116BAB82}\mpengine.dll
2012-12-23 20:22 . 2012-12-23 20:22 -------- d-----w- C:\found.002
2012-12-23 19:08 . 2012-12-23 20:35 -------- d-----w- c:\program files\Atheros
2012-12-23 19:07 . 2012-12-23 19:09 -------- d-----w- c:\programdata\Atheros
2012-12-23 19:01 . 2012-12-23 19:01 -------- d-----w- c:\program files\Sweex Wireless LAN
2012-12-22 15:27 . 2012-12-22 15:27 -------- d-----w- c:\users\ondra\AppData\Local\IsolatedStorage
2012-12-20 21:17 . 2012-12-20 21:17 -------- d-----w- c:\users\ondra\AppData\Local\4A Games
2012-12-19 19:16 . 2012-12-19 19:16 -------- d-----w- c:\program files\metro
2012-12-15 17:16 . 2012-12-15 17:16 -------- d-----w- c:\program files\Parabola Calculator
2012-12-15 17:14 . 2012-12-15 17:15 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-12-15 17:14 . 2012-12-15 17:15 286720 ------w- c:\windows\Setup1.exe
2012-12-11 18:48 . 2012-12-11 18:48 -------- d-----w- c:\windows\zy_tmp
2012-12-11 18:48 . 2004-08-17 10:23 5120 ----a-w- c:\windows\system32\tcusbdrv.dll
2012-12-11 18:48 . 2002-08-12 15:20 27264 ----a-w- c:\windows\system32\drivers\rndismpk.sys
2012-12-11 18:48 . 2002-08-12 15:20 11136 ----a-w- c:\windows\system32\drivers\usb8023k.sys
2012-12-09 17:28 . 2012-12-09 17:28 -------- d-----w- c:\users\ondra\AppData\Roaming\IrfanView
2012-12-09 17:28 . 2012-12-09 17:28 -------- d-----w- c:\program files\IrfanView
2012-12-08 19:26 . 2012-12-08 19:43 -------- d-----w- c:\users\ondra\Ekahau Site Survey
2012-12-08 19:24 . 2012-12-08 19:24 -------- d-----w- c:\program files\Ekahau
2012-12-07 13:10 . 2012-12-07 13:10 -------- d-----w- c:\users\ondra\AppData\Local\Macromedia
2012-12-05 19:11 . 2012-12-05 19:11 -------- d-----w- c:\programdata\Ralink
2012-12-05 19:10 . 2011-04-28 13:20 1228864 ----a-w- c:\windows\system32\drivers\netr28u.sys
2012-12-05 19:10 . 2011-04-28 13:17 238944 ----a-w- c:\windows\system32\RaCoInst.dll
2012-12-05 19:10 . 2012-12-05 19:10 -------- d-----w- c:\programdata\Ralink Driver
2012-12-05 19:10 . 2012-12-05 19:10 -------- d-----w- c:\program files\Cisco
2012-12-05 19:10 . 2012-12-05 19:10 -------- d-----w- c:\windows\system32\RaLanguages
2012-12-05 19:10 . 2011-05-04 12:56 1608768 ----a-w- c:\windows\system32\RaCertMgr.dll
2012-12-05 19:10 . 2011-05-04 12:54 802880 ----a-w- c:\windows\system32\RAIHV.dll
2012-12-05 19:10 . 2010-07-01 16:45 119648 ----a-w- c:\windows\system32\RAEXTUI.dll
2012-12-05 19:10 . 2010-06-29 09:34 480608 ----a-w- c:\windows\system32\DiagFunc.dll
2012-12-05 19:10 . 2012-12-05 19:10 -------- d-----w- c:\program files\Ralink
2012-12-05 17:55 . 2009-02-05 01:49 451072 ----a-w- c:\windows\system32\ISSRemoveSP.exe
2012-11-30 07:09 . 2012-11-30 07:09 -------- d-----w- c:\program files\Common Files\Skype
2012-11-30 07:09 . 2012-11-30 07:09 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-04 12:09 . 2012-05-26 16:47 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-04 12:09 . 2012-05-26 16:47 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-15 16:23 . 2012-11-15 16:23 49152 ----a-r- c:\users\ondra\AppData\Roaming\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
2012-11-11 10:06 . 2012-11-09 18:32 141072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-11-11 10:06 . 2012-11-09 18:33 281120 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-11-11 10:06 . 2012-11-09 18:31 281120 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-11-09 20:52 . 2012-11-09 18:31 281120 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-11-09 18:32 . 2012-11-09 18:32 138904 ----a-w- c:\users\ondra\AppData\Roaming\PnkBstrK.sys
2012-11-09 18:31 . 2012-11-09 18:31 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-10-30 22:51 . 2012-05-16 13:05 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-05-16 13:05 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-05-16 13:05 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-05-16 13:05 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-05-16 13:05 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-05-16 13:04 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-05-16 13:04 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 16:59 . 2012-05-16 13:05 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-14 07:35 . 2012-10-14 07:35 27248 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys
2012-10-11 17:49 . 2012-11-04 10:17 2468520 ----a-w- c:\windows\system32\BootMan.exe
2012-09-29 18:54 . 2012-10-06 18:12 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-29 06:58 . 2012-05-17 04:26 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 15:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 15:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 15:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 15:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2009-05-12 2181672]
"HotSwap! Applet"="c:\users\ondra\Documents\HotSwap! 5.0.0.0\32bit\HotSwap!.EXE" [2009-11-10 107520]
"Connectify"="c:\program files\Connectify\Connectify.exe" [2012-11-09 4013928]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2012-06-12 5708432]
"PAC207_Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2012-12-5 12909928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
R2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 DxkgFilter;Filtering Dxkg;c:\program files\iDisplay\idisplay.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [x]
R3 MarkFun_NT;MarkFun_NT;c:\program files\Gigabyte\ET5\markfun.w32 [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [x]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 PAC207;i-Look 110;c:\windows\system32\DRIVERS\PFC027.SYS [x]
R3 RaMediaServer;RaMediaServer;c:\program files\Ralink\Common\RaMediaServer.exe [x]
R3 RTCore32;RTCore32;c:\program files\MSI Afterburner\RTCore32.sys [x]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 w7Svc;webcam 7 Service;c:\program files\webcam 7\wService.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\AMD\OverDrive\i386\AODDriver2.sys [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [x]
S2 Connectify;Connectify;c:\program files\Connectify\ConnectifyService.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;c:\windows\system32\DRIVERS\ekaprot6.sys [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S3 ALSysIO;ALSysIO;c:\users\ondra\AppData\Local\Temp\ALSysIO.sys [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-33959413-2999115600-1941737774-1001Core.job
- c:\users\ondra\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-21 17:37]
.
2012-12-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-33959413-2999115600-1941737774-1001UA.job
- c:\users\ondra\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-21 17:37]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-16 13:05]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-16 13:05]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33959413-2999115600-1941737774-1001Core.job
- c:\users\ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13 13:10]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33959413-2999115600-1941737774-1001UA.job
- c:\users\ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13 13:10]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
TCP: Interfaces\{0720E444-34BE-4B53-B4C4-A5A3EBCB7B03}\140546F6572627166737B697: DhcpNameServer = 77.48.95.1 192.168.2.1
FF - ProfilePath - c:\users\ondra\AppData\Roaming\Mozilla\Firefox\Profiles\gq702ok8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-ManyCam - c:\program files\ManyCam\Bin\ManyCam.exe
MSConfigStartUp-Remoter - c:\users\ondra\Documents\RemoterServer.exe
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600
.
CreateFile("\\.\PHYSICALDRIVE0"): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\w7Svc]
"ImagePath"="c:\program files\webcam 7\wService.exe /startedbyscm:5053B757-40E35B3B-webcam7SRV"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MarkFun_NT]
"ImagePath"="\??\c:\program files\Gigabyte\ET5\markfun.w32"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-33959413-2999115600-1941737774-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-33959413-2999115600-1941737774-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1944)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\users\ondra\Documents\CoreTemp32\Core Temp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Connectify\ConnectifyD.exe
c:\windows\system32\conhost.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Ralink\Common\RaRegistry.exe
c:\windows\system32\vmnat.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\msiexec.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2012-12-27 21:56:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-27 20:56
.
Před spuštěním: Volných bajtů: 103 354 318 848
Po spuštění: Volných bajtů: 103 133 913 088
.
- - End Of File - - 9DC5F2489080C52642210A5BAED7A0BF





nevím jestli je originál.Stáhnu ten orig.

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený červeně:

KillAll::
File::
c:\users\ondra\AppData\Local\Temp\ALSysIO.sys
C:\found.002

Folder::
c:\users\ondra\AppData\Local\Google\Update
c:\program files\Google\Update
c:\users\ondra\AppData\Local\Facebook\Update
c:\windows\zy_tmp

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu

Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.