FB virus

[ainemia]

Dobrý den,

také patřím k těm "šťastlivcům", kteří naletěli na FB virus. Přikládám LOG. Předem děkuji za odezvu, všiml jsem si, že kvůli tomu viru máte hodně práce.


Logfile of random's system information tool 1.09 (written by random/random)
Run by Asus at 2011-07-26 00:06:24
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 7 GB (4%) free of 183 GB
Total RAM: 3070 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:06:27, on 26.7.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\P4P\P4P.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Windows\update.tray-15-0\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\update.tray-7-0\svchost.exe
C:\Windows\l1rezerv.exe
C:\Windows\systemup.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Carambis\Driver Updater\dupdater.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Users\Asus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Asus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Asus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Asus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Asus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Asus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Asus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Asus\Downloads\RSIT.exe
C:\Program Files\trend micro\Asus.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll (file missing)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [wxpdrv] C:\Windows\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\Windows\update.tray-15-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\Windows\update.tray-7-0\svchost.exe
O4 - HKLM\..\Run: [3354650.exe] "C:\Users\Asus\AppData\Local\Temp\3354650.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\Windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\Windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [7966735.exe] "C:\Windows\Temp\7966735.exe"
O4 - HKLM\..\Run: [3879334.exe] "C:\Windows\Temp\3879334.exe"
O4 - HKLM\..\Run: [24244485-loader2.exe] "C:\Windows\Temp\24244485-loader2.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\Windows\l1rezerv.exe"
O4 - HKLM\..\Run: [systemup] "C:\Windows\systemup.exe" stand
O4 - HKLM\..\Run: [avast] "C:\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Driver Updater] "C:\Program Files\Carambis\Driver Updater\dupdater.exe" /minimized
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Slovnik\Verdict Free\etnxp.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Slovnik\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Slovnik\Verdict Free\etnxp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\PDF\PlotSoft\PDFill\DownloadPDF.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (file missing)
O20 - AppInit_DLLs: APSHook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: AVG Free E-mail Scanner (avg9emc) - Unknown owner - C:\Program Files\AVG\AVG9\avgemc.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - Unknown owner - C:\Program Files\AVG\AVG9\avgwdsvc.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: srvbtcclient - Unknown owner - C:\Windows\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\Windows\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\Windows\sysdriver32.exe
O23 - Service: Windows Live ID Sign-in Assistant (wlidsvc) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (file missing)
O23 - Service: wxpdrivers - Unknown owner - C:\Windows\update.1\svchost.exe

--
End of file - 14507 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2461276827-3342496426-2710684221-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2461276827-3342496426-2710684221-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\9u6tm78v.default

prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.1, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, toolbar@ask.com:3.12.2.16749, {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872, avg@igeared:7.005.030.004, {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
prefs.js - "keyword.URL" - "http://www.webhledani.cz/results.aspx?i=39&tp=ab&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{3f963a5b-e555-4543-90e2-c3908898db71}"=C:\Program Files\AVG\AVG9\Firefox
"avg@igeared"=C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
"{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}"=C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
"wrc@avast.com"=C:\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\PDF\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npwachk.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
avg_igeared.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\9u6tm78v.default\extensions\
toolbar@ask.com
{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\AVAST Software\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-07 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
ASUS Security Protect Manager - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-21 70928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll []
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\AVAST Software\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"HControlUser"=C:\Program Files\ATK Hotkey\HcontrolUser.exe [2008-01-12 98304]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2008-01-24 7766016]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-16 178712]
"IaNvSrv"=C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe [2008-05-03 33304]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-02 6025216]
"IFXSPMGT"=C:\Windows\system32\ifxspmgt.exe [2007-02-26 677408]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2008-01-25 1208320]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-07 1029416]
"CognizanceTS"=C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll [2003-12-22 17920]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2008-02-01 61440]
"PowerForPhone"=C:\Program Files\P4P\P4P.exe [2007-08-03 778240]
"ASUS Screen Saver Protector"=C:\Windows\AsScrPro.exe [2010-07-30 3054136]
"ASUS Camera ScreenSaver"=C:\Windows\AsScrProlog.exe [2010-07-30 47672]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-07-12 74752]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2010-04-12 180224]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start []
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe []
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-05-17 395144]
"wxpdrv"=C:\Windows\services32.exe [2011-07-25 1185280]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-15-0\svchost.exe [2011-07-25 1185280]
"tray_ico1"=C:\Windows\update.tray-7-0\svchost.exe [2011-07-25 1185280]
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"3354650.exe"=C:\Users\Asus\AppData\Local\Temp\3354650.exe [2011-07-25 256000]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-07-25 256000]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-07-25 256000]
"7966735.exe"=C:\Windows\Temp\7966735.exe [2011-07-25 256000]
"3879334.exe"=C:\Windows\Temp\3879334.exe [2011-07-25 495616]
"24244485-loader2.exe"=C:\Windows\Temp\24244485-loader2.exe [2011-07-25 256000]
"l1rezerv.exe"=C:\Windows\l1rezerv.exe [2011-07-25 232960]
"systemup"=C:\Windows\systemup.exe [2011-07-25 114176]
"avast"=C:\AVAST Software\Avast\avastUI.exe /nogui []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup []
"Driver Updater"=C:\Program Files\Carambis\Driver Updater\dupdater.exe [2010-06-08 4973056]
"SoftAuto.exe"=C:\Program Files\Creative\Software Update 3\SoftAuto.exe [2008-08-13 405504]
"Google Update"=C:\Users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-23 136176]
""= []
"NokiaOviSuite2"=C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2010-09-02 672632]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-01-26 15026056]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="APSHook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\PPMate\ppmate.exe"="C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate"
"C:\Users\Asus\Downloads\Flash-Player.exe"="C:\Users\Asus\Downloads\Flash-Player.exe:*:Enabled:C:\Users\Asus\Downloads\Flash-Player.exe"
"C:\Windows\update.1\svchost.exe"="C:\Windows\update.1\svchost.exe:*:Enabled:C:\Windows\update.1\svchost.exe"
"C:\Windows\services32.exe"="C:\Windows\services32.exe:*:Enabled:C:\Windows\services32.exe"
"C:\Windows\update.tray-12-0\svchost.exe"="C:\Windows\update.tray-12-0\svchost.exe:*:Enabled:C:\Windows\update.tray-12-0\svchost.exe"
"C:\Windows\update.2\svchost.exe"="C:\Windows\update.2\svchost.exe:*:Enabled:C:\Windows\update.2\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.FFDS"=ff_vfw.dll
"wave2"=serwvdrv.dll
"wave4"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave6"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux2"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-07-25 23:40:45 ----D---- C:\rsit
2011-07-25 23:40:45 ----D---- C:\Program Files\trend micro
2011-07-25 23:20:57 ----ASH---- C:\hiberfil.sys
2011-07-25 23:14:39 ----D---- C:\AVAST Software
2011-07-25 23:05:10 ----HD---- C:\Windows\update.tray-15-0-lnk
2011-07-25 23:05:10 ----HD---- C:\Windows\update.tray-15-0
2011-07-25 22:58:21 ----D---- C:\Program Files\Common Files\DESIGNER
2011-07-25 22:28:49 ----D---- C:\ProgramData\MFAData
2011-07-25 20:00:44 ----HD---- C:\Windows\update.tray-7-0-lnk
2011-07-25 20:00:44 ----HD---- C:\Windows\update.tray-7-0
2011-07-25 19:57:47 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-07-25 19:57:47 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-07-25 19:57:43 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-07-25 19:57:42 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-07-25 19:57:42 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-07-25 19:57:40 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-07-25 19:56:55 ----A---- C:\Windows\system32\aswBoot.exe
2011-07-25 19:56:55 ----A---- C:\Windows\avastSS.scr
2011-07-25 19:49:38 ----A---- C:\Windows\ddh_iplist.txt
2011-07-25 19:49:16 ----A---- C:\Windows\systemup.exe
2011-07-25 19:49:04 ----D---- C:\Windows\ufa
2011-07-25 19:49:04 ----D---- C:\Windows\rpcminer
2011-07-25 19:49:04 ----D---- C:\Windows\phoenix
2011-07-25 19:48:06 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-25 19:47:05 ----HD---- C:\Windows\update.5.0
2011-07-25 19:46:46 ----D---- C:\Program Files\Common Files\Nokia
2011-07-25 19:44:58 ----A---- C:\Windows\l1rezerv.exe
2011-07-25 19:38:18 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-25 19:36:37 ----HD---- C:\Windows\update.2
2011-07-25 19:35:04 ----A---- C:\Windows\unrar.exe
2011-07-25 19:31:40 ----A---- C:\Windows\iplist.txt
2011-07-25 19:31:31 ----AH---- C:\Windows\system32\ezsidmv.dat
2011-07-25 19:31:17 ----A---- C:\Windows\sysdriver32_.exe
2011-07-25 19:31:02 ----A---- C:\Windows\sysdriver32.exe
2011-07-25 19:30:41 ----A---- C:\Windows\front_ip_list.txt
2011-07-25 19:30:17 ----D---- C:\Windows\av_ico
2011-07-25 19:28:15 ----HD---- C:\Windows\update.1
2011-07-25 19:27:36 ----HD---- C:\Windows\update.tray-12-0-lnk
2011-07-25 19:27:36 ----HD---- C:\Windows\update.tray-12-0
2011-07-25 19:14:56 ----A---- C:\Windows\winlog-ids.txt
2011-07-25 19:14:56 ----A---- C:\Windows\winlog-dirs.txt
2011-07-25 19:14:50 ----A---- C:\Windows\services32.exe
2011-07-13 11:14:46 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS
2011-07-13 11:14:46 ----A---- C:\Windows\system32\drivers\bthport.sys
2011-07-13 11:14:42 ----A---- C:\Windows\system32\win32k.sys
2011-07-13 11:14:39 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 11:14:35 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 11:14:35 ----A---- C:\Windows\system32\csrsrv.dll
2011-06-30 16:17:39 ----D---- C:\Mame
2011-06-29 15:09:24 ----A---- C:\Windows\system32\schannel.dll

======List of files/folders modified in the last 1 month======

2011-07-26 00:02:40 ----D---- C:\Users\Asus\AppData\Roaming\skypePM
2011-07-25 23:43:41 ----D---- C:\Users\Asus\AppData\Roaming\Skype
2011-07-25 23:40:45 ----RD---- C:\Program Files
2011-07-25 23:23:45 ----D---- C:\Windows\Temp
2011-07-25 23:19:33 ----HD---- C:\ProgramData
2011-07-25 23:15:05 ----SHD---- C:\Windows\Installer
2011-07-25 23:15:04 ----D---- C:\Program Files\Common Files\microsoft shared
2011-07-25 23:14:51 ----D---- C:\Windows
2011-07-25 23:14:50 ----D---- C:\Windows\System32
2011-07-25 23:14:35 ----SHD---- C:\System Volume Information
2011-07-25 23:02:19 ----A---- C:\Windows\system32\acovcnt.exe
2011-07-25 22:59:23 ----D---- C:\ProgramData\Microsoft Help
2011-07-25 22:59:17 ----D---- C:\Windows\winsxs
2011-07-25 22:58:21 ----D---- C:\Program Files\Common Files
2011-07-25 22:58:12 ----RSD---- C:\Windows\Fonts
2011-07-25 22:55:01 ----A---- C:\Windows\win.ini
2011-07-25 22:55:00 ----D---- C:\Program Files\Common Files\System
2011-07-25 21:15:37 ----D---- C:\Windows\Prefetch
2011-07-25 21:04:45 ----D---- C:\Users\Asus\AppData\Roaming\uTorrent
2011-07-25 20:07:10 ----D---- C:\Users\Asus\AppData\Roaming\Winamp
2011-07-25 19:57:47 ----D---- C:\Windows\system32\drivers
2011-07-25 19:37:11 ----D---- C:\Windows\system32\drivers\etc
2011-07-25 19:29:26 ----D---- C:\Windows\system32\drivers\Avg
2011-07-25 19:28:02 ----SHD---- C:\$Recycle.Bin
2011-07-20 19:08:15 ----D---- C:\Program Files\Mozilla Firefox
2011-07-19 20:23:21 ----D---- C:\Windows\inf
2011-07-19 20:23:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-18 23:19:07 ----D---- C:\Windows\Debug
2011-07-14 16:15:07 ----D---- C:\Windows\system32\catroot
2011-07-14 10:22:03 ----A---- C:\Windows\system32\mrt.exe
2011-07-14 10:19:52 ----D---- C:\Windows\system32\catroot2
2011-07-09 00:02:10 ----D---- C:\Windows\system32\WDI
2011-07-04 14:26:06 ----D---- C:\Games

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaNvStor;Intel(R) Turbo Memory Controller; C:\Windows\system32\DRIVERS\iaNvStor.sys [2008-04-24 226328]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-04-21 317464]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-08-09 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-08-09 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2011-05-06 243152]
R1 PersonalSecureDrive;PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [2007-01-24 39080]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 59388]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-09 45568]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 3544064]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-06-17 146824]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-02 2113624]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-25 5632]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-15 7680]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2009-05-28 4233728]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-05-02 122368]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2008-01-25 1090304]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-07 196400]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-21 45624]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-03-17 81960]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2008-03-17 100392]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-03-17 17320]
S3 DfuUsb;DfuUsb; C:\Windows\SYSTEM32\DRIVERS\DFUUsb.sys [2010-01-21 10880]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 SynasUSB;SynasUSB; C:\Windows\system32\drivers\SynasUSB.sys [2007-10-24 23288]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbser;Nokia USB Serial Port; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASBroker;Logon Session Broker; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 ASChannel;Local Communication Channel; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-03 94208]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-29 667648]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-04-10 518696]
R2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-02 61440]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-16 354840]
R2 IFXSpMgtSrv;Security Platform Management Service; C:\Windows\system32\ifxspmgt.exe [2007-02-26 677408]
R2 IFXTCS;Trusted Platform Core Service; C:\Windows\system32\ifxtcs.exe [2007-02-23 849440]
R2 PersonalSecureDriveService;Personal Secure Drive Service; C:\Windows\system32\IfxPsdSv.exe [2007-02-23 140832]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-07-25 340992]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-07-25 495616]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-07-25 256000]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-07-25 1185280]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe []
S2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-18 136176]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE []
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe []
S3 CTUPnPSv;Creative Centrale Media Server; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-18 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

[vyosek]

Zdravim a pekny pozdni vecer preji

No je fakt, ze se tu opravdu nenudime a travime tu cas do pozdnich ci spise brzkych rannich hodin abychom co nejvice pomohli. Tak se na to podivame

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill SCR:
  http://download.bleepingcomputer.com/grinler/rkill.scr
  
  Rkill PIF:
  http://download.bleepingcomputer.com/grinler/rkill.pif

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Ted nerestartujte PC - prisli byste o ucinek RKillu

Aplikujte exeHelper by Raktor

• Linky ke stazeni
  • COM soubor http://vyosek.ic.cz/BE/exeHelper.com
  • SCR soubor http://vyosek.ic.cz/BE/exeHelper.scr
• Utilitu staci spustit jako Spravce (klik pravym mysidlem), probehne oprava a vznikne log exehelperlog.txt

Aplikujte RogueKiller

pouzijes RogueKiller>.spustis>>stlac 2> [enter] log vloz sem
http://www.viry.cz/forum/viewtopic.php? ... 05#p981205

Jeste znovu RogueKiller ale nyni s moznosti 3 a pote jeste jednou s moznosti 4

RKill, eXeHelper i RogueKiller by mely udelat logy, vlozte mi je sem

[ainemia]

Bohužel při aplikaci exehelper došlo k ukončení porgramu, ani se mi nezobrazila možnost jí spustit jako správce (ačkoli jiné programy takto spustit můžu) aspoň výpis z rkillu:


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 26.07.2011 at 0:27:30.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\Asus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Asus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Asus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Asus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Asus\AppData\Local\Google\Chrome\Application\chrome.exe


Rkill completed on 26.07.2011 at 0:27:40.

[vyosek]

Fajn, pokracujte RogueKillerem

[ainemia]

RKreport1

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Asus [Admin rights]
Mode: Scan -- Date : 07/26/2011 00:36:27

Bad processes: 7
[SVCHOST] svchost.exe -- c:\windows\update.tray-15-0\svchost.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.tray-7-0\svchost.exe -> KILLED
[SUSP PATH] l1rezerv.exe -- c:\windows\l1rezerv.exe -> KILLED
[SUSP PATH] systemup.exe -- c:\windows\systemup.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED

Registry Entries: 15
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\Windows\services32.exe) -> FOUND
[SUSP PATH] HKLM\[...]\Run : 3354650.exe ("C:\Users\Asus\AppData\Local\Temp\3354650.exe") -> FOUND
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\Windows\sysdriver32.exe" rezerv) -> FOUND
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\Windows\sysdriver32_.exe" rezerv) -> FOUND
[SUSP PATH] HKLM\[...]\Run : 7966735.exe ("C:\Windows\Temp\7966735.exe") -> FOUND
[SUSP PATH] HKLM\[...]\Run : 3879334.exe ("C:\Windows\Temp\3879334.exe") -> FOUND
[SUSP PATH] HKLM\[...]\Run : 24244485-loader2.exe ("C:\Windows\Temp\24244485-loader2.exe") -> FOUND
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\Windows\l1rezerv.exe") -> FOUND
[SUSP PATH] HKLM\[...]\Run : systemup ("C:\Windows\systemup.exe" stand) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt






RKreport2








RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Asus [Admin rights]
Mode: HOSTSFix -- Date : 07/26/2011 00:38:10

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


Report3



RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Asus [Admin rights]
Mode: ProxyFix -- Date : 07/26/2011 00:38:56

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

[vyosek]

Jeste poprosim o spusteni s moznosti "2" - log opet sem

[ainemia]

Pardon, tady je:

Jen tak na okraj, ten virus je pěkný prevít, přišlo mi to hned podezřelé, a tak jsem se ptal, jestli se náhodou nejedná o vir. Ten bot mi odpověděl, že se o žádný vir nejedná!!!



RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Asus [Admin rights]
Mode: Remove -- Date : 07/26/2011 00:47:43

Bad processes: 0

Registry Entries: 15
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\Windows\services32.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 3354650.exe ("C:\Users\Asus\AppData\Local\Temp\3354650.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\Windows\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\Windows\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 7966735.exe ("C:\Windows\Temp\7966735.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 3879334.exe ("C:\Windows\Temp\3879334.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 24244485-loader2.exe ("C:\Windows\Temp\24244485-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\Windows\l1rezerv.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : systemup ("C:\Windows\systemup.exe" stand) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

[vyosek]

Tak pravdu rikat nebude ze

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[ainemia]

Trvalo to trochu déle, ale tady to je:
Ještě jednou děkuju za obrovskou ochotu, kdybych věděl kam, hned bych poslal nějaký redbull

ComboFix 11-07-25.03 - Asus 26.07.2011 1:00.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1283 [GMT 2:00]
Spuštěný z: c:\users\Asus\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Asus\AppData\Roaming\Microsoft\Windows\Recent\CZShare Manager.appref-ms
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\6E6B02546A.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.tray-15-0\svchost.exe
c:\windows\update.tray-7-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
-------\Service_srvbtcclient
-------\Service_srvbtcclient
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-25 do 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 21:40 . 2011-07-25 22:06 -------- d-----w- c:\program files\trend micro
2011-07-25 21:40 . 2011-07-25 21:41 -------- d-----w- C:\rsit
2011-07-25 21:14 . 2011-07-25 21:14 -------- d-----w- C:\AVAST Software
2011-07-25 21:05 . 2011-07-25 23:15 -------- d--h--w- c:\windows\update.tray-15-0
2011-07-25 21:05 . 2011-07-25 21:05 -------- d--h--w- c:\windows\update.tray-15-0-lnk
2011-07-25 20:28 . 2011-07-25 20:36 -------- d-----w- c:\programdata\MFAData
2011-07-25 18:00 . 2011-07-25 23:15 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-25 18:00 . 2011-07-25 18:00 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-25 17:57 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-25 17:57 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-25 17:57 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-25 17:57 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-25 17:57 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-25 17:57 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-25 17:56 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-25 17:56 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-25 17:49 . 2011-07-25 17:49 -------- d-----w- c:\windows\ufa
2011-07-25 17:49 . 2011-07-25 17:49 -------- d-----w- c:\windows\rpcminer
2011-07-25 17:49 . 2011-07-25 17:49 -------- d-----w- c:\windows\phoenix
2011-07-25 17:46 . 2011-07-25 17:46 -------- d-----w- c:\program files\Common Files\Nokia
2011-07-25 17:35 . 2011-07-25 17:49 246272 ----a-w- c:\windows\unrar.exe
2011-07-25 17:30 . 2011-07-25 21:06 -------- d-----w- c:\windows\av_ico
2011-07-25 17:27 . 2011-07-25 17:27 -------- d--h--w- c:\windows\update.tray-12-0
2011-07-25 17:27 . 2011-07-25 17:27 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-07-20 17:08 . 2011-07-08 07:29 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-07-20 17:08 . 2011-07-08 07:29 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-07-20 17:08 . 2011-07-08 07:29 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-07-20 17:08 . 2011-07-08 07:29 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-07-20 17:08 . 2011-07-08 07:29 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-07-20 17:08 . 2011-07-08 07:29 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-07-20 17:08 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-20 17:08 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-13 09:14 . 2011-04-21 13:55 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 09:14 . 2009-06-17 13:23 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 09:14 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 09:14 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 09:14 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-06-30 14:17 . 2011-06-30 14:53 -------- d-----w- C:\Mame
2011-06-29 13:09 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-25 23:22 . 2010-07-30 20:51 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-05-06 07:52 . 2010-08-09 17:51 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-05-02 17:16 . 2011-06-15 06:21 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25 . 2011-06-15 06:21 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25 . 2011-06-15 06:21 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24 . 2011-06-15 06:21 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24 . 2011-06-15 06:21 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24 . 2011-06-15 06:21 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 07:29 . 2011-07-20 17:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Driver Updater"="c:\program files\Carambis\Driver Updater\dupdater.exe" [2010-06-08 4973056]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-09-02 672632]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2008-05-03 33304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-01 6025216]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-01-24 1208320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-07-30 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2010-07-30 47672]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-10 752168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:"*" /L:"1029" /KBD:2 /dir:"c:\avast software\Avast"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [x]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-18 136176]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 DfuUsb;DfuUsb;c:\windows\system32\DRIVERS\DFUUsb.sys [2010-01-20 10880]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-18 136176]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2007-10-24 23288]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2008-04-24 226328]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-09 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2011-05-06 243152]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2007-01-24 39080]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-05-28 4233728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-18 18:11]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-18 18:11]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2461276827-3342496426-2710684221-1000Core.job
- c:\users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-23 12:16]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2461276827-3342496426-2710684221-1000UA.job
- c:\users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-23 12:16]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.asus.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\slovnik\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\slovnik\Verdict Free\etnxp.dll
TCP: DhcpNameServer = 192.168.1.254
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\9u6tm78v.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=39&tp=ab&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\avast software\Avast\ashShell.dll
HKCU-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
HKLM-Run-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
HKLM-Run-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-15-0\svchost.exe
HKLM-Run-tray_ico1 - c:\windows\update.tray-7-0\svchost.exe
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-avast - c:\avast software\Avast\avastUI.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-avast - c:\avast software\Avast\aswRunDll.exe
AddRemove-AVG9Uninstall - c:\program files\AVG\AVG9\setup.exe
AddRemove-Cossacks EW magyaritás v1.2.1 by Alwares - c:\windows\Cossacks EW magyaritás v1.2.1
AddRemove-Flashpoint - c:\program files\Codemasters\UnInstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 01:25
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(864)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
.
- - - - - - - > 'Explorer.exe'(256)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
c:\windows\system32\btmmhook.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\System32\lpksetup.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\windows\system32\ifxtcs.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\RtHDVCpl.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Celkový čas: 2011-07-26 01:29:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-25 23:29
.
Před spuštěním: 7 480 639 488
Po spuštění: 7 349 473 280
.
- - End Of File - - A1ED9EA78D7A7183D3647491277E533D

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Folder::
  c:\windows\update.tray-15-0
  c:\windows\update.tray-15-0-lnk
  c:\programdata\MFAData
  c:\windows\update.tray-7-0
  c:\windows\update.tray-7-0-lnk
  c:\windows\ufa
  c:\windows\rpcminer
  c:\windows\phoenix
  c:\windows\av_ico
  c:\windows\update.tray-12-0
  c:\windows\update.tray-12-0-lnk
  c:\program files\Ask.com
  
  File::
  c:\windows\unrar.exe
  
  Registry::
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
  "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
  [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
  [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
  [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
  [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "NokiaOviSuite2"=-
  "Skype"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "QuickTime Task"=-
  "PWRISOVM.EXE"=-
  "Adobe Reader Speed Launcher"=-
  "ApnUpdater"=-
  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
  "FirewallOverride"=dword:00000000
  "DisableThumbnailCache"=dword:00000000
  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
  "DisableMonitoring"=dword:00000000
  [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
  [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[ainemia]

Dobré ráno,
log z combofixu proběhl, ale nemůžu zapnou chrome, explorer ani firefox, hlásí to pokus o neplatnou operaci na klíč registru, který je označen k odstranění. Počítač jsem restartovat nezkoušel, jestli je problém v tom, ud+lám to. Mám k dispozici ještě jeden notebook, z kterého ted pišu. Můžu přenášet logy a vaše instrukce přes flashku, je to ale bezpečné s ohledem na tento ještě nenakažený notebook?

[vyosek]

Restartujte PC, mel by se dat do poradku

Prenaseni celkem bezpecne je, havet co se siri po flashkach tam nemate

[ainemia]

ComboFix 11-07-26.01 - Asus 26.07.2011 8:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1631 [GMT 2:00]
Spuštěný z: c:\users\Asus\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Asus\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 06:51 . 2011-07-26 06:53 -------- d-----w- c:\users\Asus\AppData\Local\temp
2011-07-26 06:51 . 2011-07-26 06:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-26 06:39 . 2011-07-26 06:40 -------- d-----w- C:\32788R22FWJFW
2011-07-25 21:40 . 2011-07-25 22:06 -------- d-----w- c:\program files\trend micro
2011-07-25 21:40 . 2011-07-25 21:41 -------- d-----w- C:\rsit
2011-07-25 21:14 . 2011-07-25 21:14 -------- d-----w- C:\AVAST Software
2011-07-25 21:05 . 2011-07-25 23:15 -------- d--h--w- c:\windows\update.tray-15-0
2011-07-25 21:05 . 2011-07-25 21:05 -------- d--h--w- c:\windows\update.tray-15-0-lnk
2011-07-25 20:28 . 2011-07-25 20:36 -------- d-----w- c:\programdata\MFAData
2011-07-25 18:00 . 2011-07-25 23:15 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-25 18:00 . 2011-07-25 18:00 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-25 17:57 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-25 17:57 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-25 17:57 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-25 17:57 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-25 17:57 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-25 17:57 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-25 17:56 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-25 17:56 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-25 17:49 . 2011-07-25 17:49 -------- d-----w- c:\windows\ufa
2011-07-25 17:49 . 2011-07-25 17:49 -------- d-----w- c:\windows\rpcminer
2011-07-25 17:49 . 2011-07-25 17:49 -------- d-----w- c:\windows\phoenix
2011-07-25 17:46 . 2011-07-25 17:46 -------- d-----w- c:\program files\Common Files\Nokia
2011-07-25 17:35 . 2011-07-25 17:49 246272 ----a-w- c:\windows\unrar.exe
2011-07-25 17:30 . 2011-07-25 21:06 -------- d-----w- c:\windows\av_ico
2011-07-25 17:27 . 2011-07-25 17:27 -------- d--h--w- c:\windows\update.tray-12-0
2011-07-25 17:27 . 2011-07-25 17:27 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-07-20 17:08 . 2011-07-08 07:29 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-07-20 17:08 . 2011-07-08 07:29 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-07-20 17:08 . 2011-07-08 07:29 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-07-20 17:08 . 2011-07-08 07:29 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-07-20 17:08 . 2011-07-08 07:29 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-07-20 17:08 . 2011-07-08 07:29 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-07-20 17:08 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-20 17:08 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-13 09:14 . 2011-04-21 13:55 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 09:14 . 2009-06-17 13:23 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 09:14 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 09:14 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 09:14 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-06-30 14:17 . 2011-06-30 14:53 -------- d-----w- C:\Mame
2011-06-29 13:09 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-26 06:52 . 2010-07-30 20:51 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-05-06 07:52 . 2010-08-09 17:51 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-05-02 17:16 . 2011-06-15 06:21 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25 . 2011-06-15 06:21 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25 . 2011-06-15 06:21 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24 . 2011-06-15 06:21 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24 . 2011-06-15 06:21 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24 . 2011-06-15 06:21 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 07:29 . 2011-07-20 17:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Driver Updater"="c:\program files\Carambis\Driver Updater\dupdater.exe" [2010-06-08 4973056]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2008-05-03 33304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-01 6025216]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-01-24 1208320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]

[vyosek]

Opakujte skript v nouzovem rezimu prosim (restart PC, mackat F8, zvolit Stav nouze s praci v siti)

[ainemia]

Operaci jsem provedl v nouzovém režimu, log mi vyhel už v normálním, snad je to tak v pořádku:

ComboFix 11-07-26.02 - Asus 26.07.2011 10:26:34.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.2511 [GMT 2:00]
Spuštěný z: c:\users\Asus\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Asus\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_6d74.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
c:\programdata\MFAData
c:\programdata\MFAData\logs\mfa-20110725-202849.log
c:\programdata\MFAData\logs\mfa-20110725-203428.log
c:\programdata\MFAData\logs\msi-20110725-202849.log
c:\programdata\MFAData\logs\msi-20110725-203428.log
c:\programdata\MFAData\mfaurlconf.ini
c:\programdata\MFAData\mkt\cz\Installation-Page_LinkScanner.html
c:\programdata\MFAData\mkt\cz\Installation-Page_Smart-Scanning.html
c:\programdata\MFAData\mkt\cz\Installation-Page_Social-Networking.html
c:\programdata\MFAData\mkt\cz\Toolbar_wotoolbar.html
c:\programdata\MFAData\mkt\hi\Installation-Page_LinkScanner.html
c:\programdata\MFAData\mkt\hi\Installation-Page_Smart-Scanning.html
c:\programdata\MFAData\mkt\hi\Installation-Page_Social-Networking.html
c:\programdata\MFAData\mkt\hi\Toolbar_wotoolbar.html
c:\programdata\MFAData\mkt\res\LinkScanner-style.css
c:\programdata\MFAData\mkt\res\LinkScanner.jpg
c:\programdata\MFAData\mkt\res\Smart-Scanning.jpg
c:\programdata\MFAData\mkt\res\SmartScanning-style.css
c:\programdata\MFAData\mkt\res\Social-Networking.jpg
c:\programdata\MFAData\mkt\res\SocialNetworking-style.css
c:\programdata\MFAData\mkt\res\Toolbar-Selected.jpg
c:\programdata\MFAData\mkt\res\Toolbar-Unselected.jpg
c:\programdata\MFAData\mkt\res\ToolbarSelected-style.css
c:\programdata\MFAData\mkt\res\ToolbarUnselected-style.css
c:\programdata\MFAData\pack\AlertMgx.cab
c:\programdata\MFAData\pack\AntiRkx.cab
c:\programdata\MFAData\pack\Antivirx.cab
c:\programdata\MFAData\pack\avgmfapx.exe
c:\programdata\MFAData\pack\avgmfarx.dll
c:\programdata\MFAData\pack\avgntdumpx.exe
c:\programdata\MFAData\pack\avgrunasx.exe
c:\programdata\MFAData\pack\AVGx86.msi
c:\programdata\MFAData\pack\AVIsx.cab
c:\programdata\MFAData\pack\basex.cab
c:\programdata\MFAData\pack\bins\poi10avgcom_lic8bc.bin
c:\programdata\MFAData\pack\bins\poi10avgcom_mis36rg.bin
c:\programdata\MFAData\pack\bins\w10avgx1390ua.bin
c:\programdata\MFAData\pack\compat.ini
c:\programdata\MFAData\pack\COREx.cab
c:\programdata\MFAData\pack\COREx86.msi
c:\programdata\MFAData\pack\default_mis.mdf
c:\programdata\MFAData\pack\Emailsx.cab
c:\programdata\MFAData\pack\GUIx.cab
c:\programdata\MFAData\pack\htmlayout.dll
c:\programdata\MFAData\pack\iavichjw.avm
c:\programdata\MFAData\pack\idatx.cab
c:\programdata\MFAData\pack\IDPx.cab
c:\programdata\MFAData\pack\incavi.avm
c:\programdata\MFAData\pack\license_cz.htm
c:\programdata\MFAData\pack\license_da.htm
c:\programdata\MFAData\pack\license_es.htm
c:\programdata\MFAData\pack\license_fr.htm
c:\programdata\MFAData\pack\license_ge.htm
c:\programdata\MFAData\pack\license_hu.htm
c:\programdata\MFAData\pack\license_id.htm
c:\programdata\MFAData\pack\license_in.htm
c:\programdata\MFAData\pack\license_it.htm
c:\programdata\MFAData\pack\license_jp.htm
c:\programdata\MFAData\pack\license_ko.htm
c:\programdata\MFAData\pack\license_ms.htm
c:\programdata\MFAData\pack\license_nl.htm
c:\programdata\MFAData\pack\license_pb.htm
c:\programdata\MFAData\pack\license_pl.htm
c:\programdata\MFAData\pack\license_pt.htm
c:\programdata\MFAData\pack\license_ru.htm
c:\programdata\MFAData\pack\license_sc.htm
c:\programdata\MFAData\pack\license_sk.htm
c:\programdata\MFAData\pack\license_sp.htm
c:\programdata\MFAData\pack\license_tr.htm
c:\programdata\MFAData\pack\license_us.htm
c:\programdata\MFAData\pack\license_zh.htm
c:\programdata\MFAData\pack\license_zt.htm
c:\programdata\MFAData\pack\lng_czx.cab
c:\programdata\MFAData\pack\lng_dax.cab
c:\programdata\MFAData\pack\lng_esx.cab
c:\programdata\MFAData\pack\lng_frx.cab
c:\programdata\MFAData\pack\lng_gex.cab
c:\programdata\MFAData\pack\lng_hux.cab
c:\programdata\MFAData\pack\lng_idx.cab
c:\programdata\MFAData\pack\lng_inx.cab
c:\programdata\MFAData\pack\lng_itx.cab
c:\programdata\MFAData\pack\lng_jpx.cab
c:\programdata\MFAData\pack\lng_kox.cab
c:\programdata\MFAData\pack\lng_msx.cab
c:\programdata\MFAData\pack\lng_nlx.cab
c:\programdata\MFAData\pack\lng_pbx.cab
c:\programdata\MFAData\pack\lng_plx.cab
c:\programdata\MFAData\pack\lng_ptx.cab
c:\programdata\MFAData\pack\lng_rux.cab
c:\programdata\MFAData\pack\lng_scx.cab
c:\programdata\MFAData\pack\lng_skx.cab
c:\programdata\MFAData\pack\lng_spx.cab
c:\programdata\MFAData\pack\lng_trx.cab
c:\programdata\MFAData\pack\lng_usx.cab
c:\programdata\MFAData\pack\lng_zhx.cab
c:\programdata\MFAData\pack\lng_ztx.cab
c:\programdata\MFAData\pack\mfaconf.txt
c:\programdata\MFAData\pack\mfacz.lns
c:\programdata\MFAData\pack\mfada.lns
c:\programdata\MFAData\pack\mfaes.lns
c:\programdata\MFAData\pack\mfafr.lns
c:\programdata\MFAData\pack\mfage.lns
c:\programdata\MFAData\pack\mfahu.lns
c:\programdata\MFAData\pack\mfaid.lns
c:\programdata\MFAData\pack\mfain.lns
c:\programdata\MFAData\pack\mfait.lns
c:\programdata\MFAData\pack\mfajp.lns
c:\programdata\MFAData\pack\mfako.lns
c:\programdata\MFAData\pack\mfams.lns
c:\programdata\MFAData\pack\mfanl.lns
c:\programdata\MFAData\pack\mfapb.lns
c:\programdata\MFAData\pack\mfapl.lns
c:\programdata\MFAData\pack\mfapt.lns
c:\programdata\MFAData\pack\mfaru.lns
c:\programdata\MFAData\pack\mfasc.lns
c:\programdata\MFAData\pack\mfask.lns
c:\programdata\MFAData\pack\mfasp.lns
c:\programdata\MFAData\pack\mfatr.lns
c:\programdata\MFAData\pack\mfaus.lns
c:\programdata\MFAData\pack\mfazh.lns
c:\programdata\MFAData\pack\mfazt.lns
c:\programdata\MFAData\pack\Officex.cab
c:\programdata\MFAData\pack\OnlnScx.cab
c:\programdata\MFAData\pack\ResShldx.cab
c:\programdata\MFAData\pack\setup.exe
c:\programdata\MFAData\pack\SrchSrfx.cab
c:\programdata\MFAData\pack\SSHttpBx.cab
c:\programdata\MFAData\pack\SysToolx.cab
c:\programdata\MFAData\pack\TDIDrvx.cab
c:\programdata\MFAData\pack\Toolbarx.cab
c:\programdata\MFAData\pack\TuneUpx.cab
c:\programdata\MFAData\pack\Update2x.cab
c:\programdata\MFAData\pack\Updatex.cab
c:\programdata\MFAData\pack\vc_red.cab
c:\programdata\MFAData\pack\vc_red.msi
c:\programdata\MFAData\pack\xplx.cab
c:\programdata\MFAData\public_installation_log.xml
c:\programdata\MFAData\state.dat
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\av_ico\ico_defender_start.ico
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.tray-12-0-lnk
c:\windows\update.tray-12-0-lnk\svchost.exe
c:\windows\update.tray-12-0
c:\windows\update.tray-12-0\svchost.exe
c:\windows\update.tray-15-0-lnk
c:\windows\update.tray-15-0-lnk\svchost.exe
c:\windows\update.tray-15-0
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0-lnk\svchost.exe
c:\windows\update.tray-7-0
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 08:33 . 2011-07-26 08:34 -------- d-----w- c:\users\Asus\AppData\Local\temp
2011-07-26 08:33 . 2011-07-26 08:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-25 21:40 . 2011-07-25 22:06 -------- d-----w- c:\program files\trend micro
2011-07-25 21:40 . 2011-07-25 21:41 -------- d-----w- C:\rsit
2011-07-25 21:14 . 2011-07-25 21:14 -------- d-----w- C:\AVAST Software
2011-07-25 17:57 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-25 17:57 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-25 17:57 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-25 17:57 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-25 17:57 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-25 17:57 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-25 17:56 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-25 17:56 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-25 17:46 . 2011-07-25 17:46 -------- d-----w- c:\program files\Common Files\Nokia
2011-07-20 17:08 . 2011-07-08 07:29 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-07-20 17:08 . 2011-07-08 07:29 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-07-20 17:08 . 2011-07-08 07:29 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-07-20 17:08 . 2011-07-08 07:29 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-07-20 17:08 . 2011-07-08 07:29 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-07-20 17:08 . 2011-07-08 07:29 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-07-20 17:08 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-20 17:08 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-13 09:14 . 2011-04-21 13:55 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 09:14 . 2009-06-17 13:23 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 09:14 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 09:14 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 09:14 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-06-30 14:17 . 2011-06-30 14:53 -------- d-----w- C:\Mame
2011-06-29 13:09 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-26 08:34 . 2010-07-30 20:51 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-05-06 07:52 . 2010-08-09 17:51 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-05-02 17:16 . 2011-06-15 06:21 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25 . 2011-06-15 06:21 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25 . 2011-06-15 06:21 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24 . 2011-06-15 06:21 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24 . 2011-06-15 06:21 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24 . 2011-06-15 06:21 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 07:29 . 2011-07-20 17:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Driver Updater"="c:\program files\Carambis\Driver Updater\dupdater.exe" [2010-06-08 4973056]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2008-05-03 33304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-01 6025216]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-01-24 1208320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-07-30 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2010-07-30 47672]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-10 752168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1029 /KBD:2 /dir:C:\AVAST
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [x]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-18 136176]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 DfuUsb;DfuUsb;c:\windows\system32\DRIVERS\DFUUsb.sys [2010-01-20 10880]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-18 136176]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2007-10-24 23288]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2008-04-24 226328]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-09 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2011-05-06 243152]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2007-01-24 39080]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-05-28 4233728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-18 18:11]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-18 18:11]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2461276827-3342496426-2710684221-1000Core.job
- c:\users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-23 12:16]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2461276827-3342496426-2710684221-1000UA.job
- c:\users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-23 12:16]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.asus.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\slovnik\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\slovnik\Verdict Free\etnxp.dll
TCP: DhcpNameServer = 192.168.1.254
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\9u6tm78v.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=39&tp=ab&q=
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(2976)
c:\windows\system32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\System32\lpksetup.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\windows\system32\ifxtcs.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Celkový čas: 2011-07-26 10:40:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-26 08:40
ComboFix2.txt 2011-07-26 06:59
ComboFix3.txt 2011-07-25 23:29
.
Před spuštěním: Volných bajtů: 11 234 131 968
Po spuštění: 7 975 149 568
.
- - End Of File - - 943F5B77F1806DB9E11891B0D4C28262