ComboFix 11-07-31.02 - Markis 31.07.2011  12:38:49.2.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1250.420.1029.18.3037.2112 [GMT 2:00]
Spuštěn z: c:\users\Markis\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2011-06-28 do 2011-07-31  )))))))))))))))))))))))))))))))
.
.
2011-07-31 10:43 . 2011-07-31 10:43	--------	d-----w-	c:\users\Markis\AppData\Local\temp
2011-07-31 10:43 . 2011-07-31 10:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-07-31 08:50 . 2011-07-31 08:50	54016	----a-w-	c:\windows\system32\drivers\qtiru.sys
2011-07-30 19:18 . 2011-07-30 19:18	--------	d-----w-	c:\users\Markis\AppData\Roaming\Malwarebytes
2011-07-30 19:18 . 2011-07-06 17:52	41272	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-30 19:18 . 2011-07-30 19:18	--------	d-----w-	c:\programdata\Malwarebytes
2011-07-30 19:18 . 2011-07-06 17:52	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-07-30 19:18 . 2011-07-30 19:18	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-07-30 12:22 . 2011-07-30 20:27	--------	d-----w-	C:\rsit
2011-07-30 12:22 . 2011-07-30 12:26	--------	d-----w-	c:\program files\trend micro
2011-07-30 08:41 . 2011-07-30 11:10	--------	d--h--w-	c:\windows\update.tray-5-0
2011-07-30 08:41 . 2011-07-30 11:10	--------	d--h--w-	c:\windows\update.tray-5-0-lnk
2011-07-30 08:37 . 2011-07-30 12:19	--------	d-----w-	c:\programdata\Comodo
2011-07-30 08:36 . 2011-07-30 12:19	--------	d-----w-	c:\programdata\Comodo Downloader
2011-07-30 07:34 . 2011-07-30 07:34	--------	d-----w-	c:\windows\system32\SPReview
2011-07-29 22:17 . 2011-03-25 03:06	258560	----a-w-	c:\windows\system32\drivers\usbhub.sys
2011-07-29 22:17 . 2011-03-25 03:06	284160	----a-w-	c:\windows\system32\drivers\usbport.sys
2011-07-29 22:17 . 2011-03-25 03:06	75776	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2011-07-29 22:17 . 2011-03-25 03:06	43008	----a-w-	c:\windows\system32\drivers\usbehci.sys
2011-07-29 22:17 . 2011-03-25 03:06	20480	----a-w-	c:\windows\system32\drivers\usbohci.sys
2011-07-29 22:17 . 2011-03-25 03:06	24064	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2011-07-29 22:17 . 2011-03-25 03:06	5888	----a-w-	c:\windows\system32\drivers\usbd.sys
2011-07-29 22:15 . 2011-07-13 03:39	6881616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2BB8768-E8A5-4039-850C-718204AD3458}\mpengine.dll
2011-07-29 22:01 . 2011-07-29 22:01	--------	d-----w-	c:\programdata\Alwil Software
2011-07-29 21:54 . 2011-07-29 21:54	--------	d-----w-	c:\windows\CheckSur
2011-07-29 20:09 . 2011-07-29 21:14	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-07-29 13:23 . 2011-07-29 13:23	--------	d-----w-	c:\users\Markis\AppData\Local\Apps
2011-07-18 12:37 . 2011-07-18 12:37	--------	d-----w-	c:\users\Markis\AppData\Roaming\SUPERAntiSpyware.com
2011-07-18 12:37 . 2011-07-18 12:37	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2011-07-18 12:37 . 2011-07-29 21:14	--------	d-----w-	c:\program files\SUPERAntiSpyware
2011-07-18 10:49 . 2011-07-29 22:09	--------	d-----w-	c:\programdata\AVAST Software
2011-07-18 10:49 . 2011-07-18 10:49	--------	d-----w-	c:\program files\AVAST Software
2011-07-18 09:29 . 2011-07-29 21:13	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-07-18 08:49 . 2011-07-29 21:14	--------	d-----w-	c:\program files\CCleaner
2011-07-16 06:25 . 2011-07-21 07:04	--------	d-----w-	c:\users\Markis\AppData\Local\ElevatedDiagnostics
2011-07-15 19:26 . 2011-07-29 21:16	--------	d-----w-	c:\windows\system32\EventProviders
2011-07-15 19:26 . 2011-07-29 21:14	--------	d-----w-	C:\82530f33dc244afc2757a9
2011-07-15 19:26 . 2011-07-15 19:26	41680	----a-w-	c:\windows\system32\drivers\hdzqyejd.sys
2011-07-15 16:05 . 2011-07-30 12:19	--------	d-----w-	c:\windows\ufa
2011-07-15 16:05 . 2011-07-29 22:11	246272	----a-w-	c:\windows\unrar.exe
2011-07-15 16:03 . 2011-07-30 12:19	--------	d-----w-	c:\windows\av_ico
2011-07-15 16:02 . 2011-07-31 08:50	--------	d--h--w-	c:\windows\update.tray-7-0-lnk
2011-07-15 16:02 . 2011-07-31 08:50	--------	d--h--w-	c:\windows\update.tray-7-0
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-30 07:52 . 2009-07-14 02:05	152064	----a-w-	c:\windows\system32\msclmd.dll
2011-07-03 09:25 . 2010-10-18 18:16	45056	----a-w-	c:\windows\system32\acovcnt.exe
2011-05-24 17:14 . 2010-06-28 17:56	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-05-24 10:35 . 2011-06-29 07:34	294912	----a-w-	c:\windows\system32\umpnpmgr.dll
2011-05-04 04:53 . 2011-06-29 07:34	1553920	----a-w-	c:\windows\system32\tquery.dll
2011-05-04 04:52 . 2011-06-29 07:34	1401856	----a-w-	c:\windows\system32\mssrch.dll
2011-05-04 04:52 . 2011-06-29 07:34	666624	----a-w-	c:\windows\system32\mssvp.dll
2011-05-04 04:52 . 2011-06-29 07:34	337408	----a-w-	c:\windows\system32\mssph.dll
2011-05-04 04:52 . 2011-06-29 07:34	197120	----a-w-	c:\windows\system32\mssphtb.dll
2011-05-04 04:52 . 2011-06-29 07:34	59392	----a-w-	c:\windows\system32\msscntrs.dll
2011-05-04 04:52 . 2011-06-29 07:34	428032	----a-w-	c:\windows\system32\SearchIndexer.exe
2011-05-04 04:52 . 2011-06-29 07:34	164352	----a-w-	c:\windows\system32\SearchProtocolHost.exe
2011-05-04 04:52 . 2011-06-29 07:34	86528	----a-w-	c:\windows\system32\SearchFilterHost.exe
2011-05-04 02:43 . 2011-06-17 13:06	222720	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:43 . 2011-06-17 13:06	96256	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-05-04 02:43 . 2011-06-17 13:06	123392	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-05-03 04:50 . 2011-06-17 13:07	740864	----a-w-	c:\windows\system32\inetcomm.dll
2009-04-08 08:31 . 2009-04-08 08:31	106496	----a-w-	c:\program files\Common Files\CPInstallAction.dll
2008-08-11 19:45 . 2008-08-11 19:45	155648	----a-w-	c:\program files\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50	1197448	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2009-08-12 233472]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 497024]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 1474560]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-08-19 170624]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-02-21 222504]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-22 210216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\Markis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-6-28 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-12-03 00:34	35184	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
2009-06-24 10:30	272952	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2010-06-28 17:42	72248	----a-w-	c:\windows\AsScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2010-06-28 17:42	3058304	----a-w-	c:\windows\AsScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-18 17:52	104936	----a-w-	c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2008-02-22 09:19	62760	----a-w-	c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-04-02 17:09	87336	----a-w-	c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R1 hdzqyejd;hdzqyejd;c:\windows\system32\drivers\hdzqyejd.sys [2011-07-15 41680]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-12 25600]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15416]
S2 FastBootAgent;FastBootAgent;c:\windows\system32\FBAgent.exe [2009-08-21 280704]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-07-29 87040]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSWISSARMY
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
TCP: DhcpNameServer = 10.137.96.1 192.168.15.2
FF - ProfilePath - c:\users\Markis\AppData\Roaming\Mozilla\Firefox\Profiles\v8p7g45p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNzfb010YYcz_ZNzfb014&ptb=97B20125-23D5-4E12-8BF4-DCB07DAD6DF1&psa=&ind=2011010205&ptnrS=ZNzfb010YYcz_ZNzfb014&si=&st=kwd&n=77dd949d&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
MSConfigStartUp-2548073 - c:\windows\Temp\2548073.exe
MSConfigStartUp-2671264 - c:\windows\Temp\2671264.exe
MSConfigStartUp-313250 - c:\users\Markis\AppData\Local\Temp\313250.exe
MSConfigStartUp-6807848 - c:\windows\Temp\6807848.exe
MSConfigStartUp-l1rezerv - c:\windows\l1rezerv.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(500)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.DLL
.
Celkový čas: 2011-07-31  12:45:55
ComboFix-quarantined-files.txt  2011-07-31 10:45
.
Před spuštěním: Volných bajtů: 439083646976
Po spuštění: Volných bajtů: 439476555776
.
- - End Of File - - 9A26EAF06C7BC14C9060CE2AF00F5C26
