PC disinfection, computer speed-up, remote assistance via the neslape.cz service

Adobe Flash Player - Facebook Virus

Have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will threads that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
A remote assistance service is now available: an expert connects to your computer and gets further details about the problem from you by phone. More at www.neslape.cz
Princ_krasoň
Visitor
Posts: 7
Registered: 26 Jul 2011 20:28

Adobe Flash Player - Facebook Virus

#1 Post by Princ_krasoň »

Hello!

I'm as dumb as I am handsome, so I'll go straight to asking some kind soul for help with my first little beast. Thank you.

Logfile of random's system information tool 1.09 (written by random/random)
Run by home at 2011-07-26 21:29:33
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 7 GB (6%) free of 114 GB
Total RAM: 958 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:30:40, on 26.7.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Shrink Pic\shrink_pic.exe
C:\Program Files\Smart PC Solutions\Smart Parental Control\SPC.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ7.5\ICQ.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\home\Downloads\RSIT.exe
C:\Program Files\trend micro\home.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exe
O4 - Startup: Spc.lnk = C:\Program Files\Smart PC Solutions\Smart Parental Control\SPC.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC1EB1C3-5280-4EC7-BAA1-9D143BA2DD9F}: NameServer = 172.16.0.5,172.16.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CC1EB1C3-5280-4EC7-BAA1-9D143BA2DD9F}: NameServer = 172.16.0.5,172.16.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{CC1EB1C3-5280-4EC7-BAA1-9D143BA2DD9F}: NameServer = 172.16.0.5,172.16.10.1
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (file missing)
O23 - Service: @c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243 (NisSrv) - Unknown owner - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

--
End of file - 7951 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\w8dsnbiw.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {ea614400-e918-4741-9a97-7a972ff7c30b}:2.1.14, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.1.7&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/vbp;version=0.9.17]
"Description"=Veetle Broadcaster Plugin
"Path"=C:\Program Files\Veetle\VLCBroadcast\npvbp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\w8dsnbiw.default\extensions\
battlefieldheroespatcher@ea.com
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\w8dsnbiw.default\searchplugins\
conduit.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngin0.dll [2011-07-18 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTo1.dll [2011-07-18 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTo1.dll [2011-07-18 3911776]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngin0.dll [2011-07-18 3911776]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-05-06 7440928]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"tray_ico"= []
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Shrink Pic.lnk - C:\Program Files\Shrink Pic\shrink_pic.exe
Spc.lnk - C:\Program Files\Smart PC Solutions\Smart Parental Control\SPC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"VIDC.WMV3"=wmv9vcm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-26 21:29:40 ----D---- C:\Program Files\trend micro
2011-07-26 21:29:33 ----D---- C:\rsit
2011-07-18 13:38:21 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-18 13:38:16 ----A---- C:\Windows\ddh_iplist.txt
2011-07-18 13:38:02 ----HD---- C:\Windows\update.2
2011-07-18 12:23:58 ----D---- C:\Windows\ufa
2011-07-18 12:23:58 ----D---- C:\Windows\rpcminer
2011-07-18 12:23:58 ----D---- C:\Windows\phoenix
2011-07-18 12:23:57 ----A---- C:\Windows\unrar.exe
2011-07-18 12:21:54 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-18 12:21:24 ----HD---- C:\Windows\update.5.0
2011-07-18 12:21:09 ----A---- C:\Windows\iplist.txt
2011-07-18 12:20:44 ----D---- C:\Windows\av_ico
2011-07-18 12:20:41 ----A---- C:\Windows\front_ip_list.txt
2011-07-18 12:19:27 ----HD---- C:\Windows\update.1
2011-07-18 12:19:12 ----HD---- C:\Windows\update.tray-14-0-lnk
2011-07-18 12:19:12 ----HD---- C:\Windows\update.tray-14-0
2011-07-18 12:07:23 ----A---- C:\Windows\winlog-ids.txt
2011-07-18 12:07:23 ----A---- C:\Windows\winlog-dirs.txt
2011-07-15 20:43:34 ----D---- C:\Program Files\uTorrent
2011-07-13 09:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 09:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 09:55:30 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-13 09:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 09:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 09:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 09:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 09:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 09:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 09:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 09:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 09:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 09:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 09:55:28 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 09:55:28 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 09:55:28 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 09:55:28 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 09:55:28 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 09:55:28 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 09:55:28 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 09:55:28 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 09:55:28 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 09:55:28 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 09:55:28 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 09:55:28 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 09:55:28 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 09:55:28 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 09:55:28 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 09:55:28 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 09:55:25 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 09:55:24 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 09:55:24 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 09:55:17 ----A---- C:\Windows\system32\win32k.sys
2011-07-07 17:28:16 ----D---- C:\Program Files\DVDFab 8 Qt
2011-06-29 13:21:57 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-06-29 13:21:25 ----A---- C:\Windows\system32\tquery.dll
2011-06-29 13:21:25 ----A---- C:\Windows\system32\mssrch.dll
2011-06-29 13:21:24 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-06-29 13:21:24 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-06-29 13:21:24 ----A---- C:\Windows\system32\mssph.dll
2011-06-29 13:21:23 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-06-29 13:21:23 ----A---- C:\Windows\system32\mssvp.dll
2011-06-29 13:21:22 ----A---- C:\Windows\system32\mssphtb.dll
2011-06-29 13:21:22 ----A---- C:\Windows\system32\msscntrs.dll

======List of files/folders modified in the last 1 month======

2011-07-26 21:30:36 ----D---- C:\Windows\Temp
2011-07-26 21:29:52 ----D---- C:\Windows\Prefetch
2011-07-26 21:29:40 ----RD---- C:\Program Files
2011-07-26 21:25:12 ----D---- C:\Users\home\AppData\Roaming\Skype
2011-07-26 18:02:50 ----D---- C:\Windows\System32
2011-07-26 18:02:50 ----D---- C:\Windows\inf
2011-07-26 18:02:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-26 17:36:47 ----D---- C:\Windows
2011-07-26 17:24:37 ----D---- C:\Users\home\AppData\Roaming\uTorrent
2011-07-26 15:27:30 ----D---- C:\Windows\system32\config
2011-07-26 15:25:57 ----D---- C:\Users\home\AppData\Roaming\ICQ
2011-07-26 15:16:38 ----SHD---- C:\System Volume Information
2011-07-18 17:00:49 ----D---- C:\Program Files\Mozilla Firefox
2011-07-18 16:41:29 ----D---- C:\Program Files\Warcraft III
2011-07-18 16:03:10 ----D---- C:\Program Files\ConduitEngine
2011-07-18 16:03:04 ----D---- C:\Program Files\uTorrentBar
2011-07-18 15:08:26 ----D---- C:\Windows\system32\drivers
2011-07-18 15:08:26 ----D---- C:\Windows\L2Schemas
2011-07-18 13:46:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-18 13:38:22 ----D---- C:\Windows\system32\drivers\etc
2011-07-18 12:07:20 ----SD---- C:\Users\home\AppData\Roaming\Microsoft
2011-07-15 21:32:01 ----D---- C:\Users\home\AppData\Roaming\vlc
2011-07-14 20:08:15 ----D---- C:\Windows\debug
2011-07-14 09:33:34 ----D---- C:\Windows\winsxs
2011-07-14 09:28:51 ----D---- C:\Windows\system32\DriverStore
2011-07-13 22:32:38 ----A---- C:\Windows\system32\MRT.exe
2011-07-13 22:32:34 ----SHD---- C:\Windows\Installer
2011-07-13 22:32:31 ----D---- C:\ProgramData\Microsoft Help
2011-07-13 09:55:10 ----D---- C:\Windows\system32\catroot2
2011-07-13 09:55:10 ----D---- C:\Windows\system32\catroot
2011-07-08 17:12:19 ----D---- C:\Program Files\Opera
2011-07-07 17:39:56 ----D---- C:\Program Files\DVDFab 7
2011-07-07 17:39:50 ----D---- C:\Users\home\AppData\Roaming\Vso
2011-07-07 17:39:48 ----A---- C:\Users\home\AppData\Roaming\inst.exe
2011-07-02 15:49:59 ----D---- C:\Windows\system32\NDF
2011-07-01 20:00:32 ----D---- C:\Program Files\ICQ7.5
2011-07-01 19:59:47 ----D---- C:\Windows\system32\Tasks
2011-07-01 19:59:40 ----RD---- C:\Program Files\Skype
2011-07-01 19:59:35 ----D---- C:\ProgramData\Skype
2011-07-01 19:59:23 ----D---- C:\Program Files\Common Files
2011-07-01 17:48:55 ----D---- C:\Users\home\AppData\Roaming\skypePM
2011-06-30 14:37:02 ----D---- C:\Program Files\Microsoft Office
2011-06-30 14:28:11 ----RSD---- C:\Windows\Fonts
2011-06-29 13:49:13 ----D---- C:\Windows\Microsoft.NET
2011-06-29 13:48:27 ----RSD---- C:\Windows\assembly
2011-06-29 13:21:59 ----D---- C:\ProgramData\Skype Extras

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2009-08-04 213024]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-09-19 691696]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-05-04 2365792]
R3 NVNET;NVIDIA nForce Ethernet Driver; C:\Windows\system32\DRIVERS\nvmf6232.sys [2010-08-12 298216]
S1 MpKsl0063f815;MpKsl0063f815; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C3458851-023B-4DDB-8CA1-0B85ABEB3805}\MpKsl0063f815.sys []
S1 MpKsl02dd2625;MpKsl02dd2625; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2F7D18DB-C9EA-4214-93E0-7403CC4429BB}\MpKsl02dd2625.sys []
S1 MpKsl0674f855;MpKsl0674f855; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96BE75F2-ABAF-4226-A591-1C734E620DE2}\MpKsl0674f855.sys []
S1 MpKsl0ae7e203;MpKsl0ae7e203; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8BCAC227-0BF0-439C-95F8-C81D4B375017}\MpKsl0ae7e203.sys []
S1 MpKsl104393c8;MpKsl104393c8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0D503AB-BBB7-41B4-9B2F-DF1C276570E4}\MpKsl104393c8.sys []
S1 MpKsl14fe82b8;MpKsl14fe82b8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8DB6A1AB-6DAC-4553-8FD7-C9706735892F}\MpKsl14fe82b8.sys []
S1 MpKsl18f8f5c0;MpKsl18f8f5c0; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{543708DF-82F2-44E7-B1C8-55979485BAC9}\MpKsl18f8f5c0.sys []
S1 MpKsl1ab1a668;MpKsl1ab1a668; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A36B28CC-F498-4949-AF2A-F0C5C271C85B}\MpKsl1ab1a668.sys []
S1 MpKsl24e81932;MpKsl24e81932; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BC672909-9A93-4C2D-93AA-0261892EB01E}\MpKsl24e81932.sys []
S1 MpKsl35c7542b;MpKsl35c7542b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE2FCE07-212F-4F19-A4FA-C861A27F7A4F}\MpKsl35c7542b.sys []
S1 MpKsl3816f7db;MpKsl3816f7db; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5FCB3F72-F28A-4CFB-8CB6-C7471D8A1844}\MpKsl3816f7db.sys []
S1 MpKsl3dacc3aa;MpKsl3dacc3aa; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC273C21-339A-423B-8B97-2D7D89D39C79}\MpKsl3dacc3aa.sys []
S1 MpKsl440a305a;MpKsl440a305a; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8C1F1952-FAEA-443F-A03B-7BA0C6260F0E}\MpKsl440a305a.sys []
S1 MpKsl457e04b5;MpKsl457e04b5; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97B2355E-7A54-49D4-9FDC-44AD3676B696}\MpKsl457e04b5.sys []
S1 MpKsl4860d71f;MpKsl4860d71f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{615F3308-E8F7-4F4B-A400-F0B8C6C0E5B2}\MpKsl4860d71f.sys []
S1 MpKsl4fc2d408;MpKsl4fc2d408; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{09927ADB-91BD-4150-A3C0-6CB1A57B52C0}\MpKsl4fc2d408.sys []
S1 MpKsl57995996;MpKsl57995996; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A11EAF0E-BAA4-48C1-8CEA-3FD830784228}\MpKsl57995996.sys []
S1 MpKsl58945cf3;MpKsl58945cf3; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{36535B46-C0C2-4012-B710-254922444A3E}\MpKsl58945cf3.sys []
S1 MpKsl593d9342;MpKsl593d9342; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0CBF2E45-4047-483E-A833-E7A8754DC34B}\MpKsl593d9342.sys []
S1 MpKsl5a85c8c2;MpKsl5a85c8c2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E9095412-552C-4353-8E89-D58DBFAE9CE4}\MpKsl5a85c8c2.sys []
S1 MpKsl6b5838cd;MpKsl6b5838cd; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D3962A08-C8BD-4606-84AA-E73F1D97E215}\MpKsl6b5838cd.sys []
S1 MpKsl81c7909e;MpKsl81c7909e; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CB83F64F-EBC0-485D-B3EE-D6E7524D0777}\MpKsl81c7909e.sys []
S1 MpKsl87399180;MpKsl87399180; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{59E89992-754F-4D4A-A9DE-CD04A4956874}\MpKsl87399180.sys []
S1 MpKsl8fecfa3c;MpKsl8fecfa3c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1539738C-760E-4BE4-A486-ECAD15643CDF}\MpKsl8fecfa3c.sys []
S1 MpKsl9222a899;MpKsl9222a899; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8D4FE67D-FDC7-47AD-AAC2-716FBFDB0544}\MpKsl9222a899.sys []
S1 MpKsl9fed2fe2;MpKsl9fed2fe2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AB167799-7293-46C5-BB35-370500E66239}\MpKsl9fed2fe2.sys []
S1 MpKsla58dda3a;MpKsla58dda3a; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56BC2C96-C886-4CEC-8E40-F463C9AD72D8}\MpKsla58dda3a.sys []
S1 MpKslab89ca62;MpKslab89ca62; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{65DECFCD-12B6-4F1D-A074-92BF9B914C3F}\MpKslab89ca62.sys []
S1 MpKslaca52889;MpKslaca52889; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5FD7867C-0D36-4C9B-9349-2A1CF6F9DA57}\MpKslaca52889.sys []
S1 MpKslaf600b1f;MpKslaf600b1f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B436B8EE-8587-4F7E-B51F-F59FAC44A7F1}\MpKslaf600b1f.sys []
S1 MpKslb2923b3f;MpKslb2923b3f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5FD7867C-0D36-4C9B-9349-2A1CF6F9DA57}\MpKslb2923b3f.sys []
S1 MpKslb694cf98;MpKslb694cf98; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56BC2C96-C886-4CEC-8E40-F463C9AD72D8}\MpKslb694cf98.sys []
S1 MpKslb78c3529;MpKslb78c3529; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1539738C-760E-4BE4-A486-ECAD15643CDF}\MpKslb78c3529.sys []
S1 MpKslba3458e8;MpKslba3458e8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F2931284-2CA3-4169-BF5E-ABA63A8E01DE}\MpKslba3458e8.sys []
S1 MpKslbaa5e15a;MpKslbaa5e15a; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{02BAC0E8-FA69-40F5-B5BF-B375860B486F}\MpKslbaa5e15a.sys []
S1 MpKslc21aa3c1;MpKslc21aa3c1; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77296DFF-9A15-4E50-9848-948D6419C032}\MpKslc21aa3c1.sys []
S1 MpKslc6db4631;MpKslc6db4631; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{43916DBF-83B7-4CF6-901F-6DB9AC805B5B}\MpKslc6db4631.sys []
S1 MpKslc9e66ebe;MpKslc9e66ebe; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{377E017F-765F-4619-A7F3-F2946505F1AF}\MpKslc9e66ebe.sys []
S1 MpKsld8e040d1;MpKsld8e040d1; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{37B792B6-6117-4708-9556-08FC3AC4B47D}\MpKsld8e040d1.sys []
S1 MpKsldc2bb4ec;MpKsldc2bb4ec; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CE982F16-1152-4555-9A2C-22B69EF34CDA}\MpKsldc2bb4ec.sys []
S1 MpKsldea8e7e2;MpKsldea8e7e2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC273C21-339A-423B-8B97-2D7D89D39C79}\MpKsldea8e7e2.sys []
S1 MpKsldf4e3d29;MpKsldf4e3d29; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{42704F7A-D344-4C19-9852-18C1023D8EB0}\MpKsldf4e3d29.sys []
S1 MpKsldf7642d6;MpKsldf7642d6; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3A08EA29-F594-4A46-BAB9-9ADA5620A842}\MpKsldf7642d6.sys []
S1 MpKsle052bf63;MpKsle052bf63; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BDEAAE47-041B-4A70-8B00-1D0D94E66382}\MpKsle052bf63.sys []
S1 MpKsle17898ca;MpKsle17898ca; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8E352444-7DDF-4597-AF64-4F21C1EDFB3C}\MpKsle17898ca.sys []
S1 MpKslf6a9e8dd;MpKslf6a9e8dd; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{76874009-EB8A-4056-84F9-363584D642BF}\MpKslf6a9e8dd.sys []
S1 MpKslf77d92b2;MpKslf77d92b2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E2F8EA45-F88B-49C9-9945-DCF75C59B6AA}\MpKslf77d92b2.sys []
S1 MpKslfd485ba0;MpKslfd485ba0; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{543708DF-82F2-44E7-B1C8-55979485BAC9}\MpKslfd485ba0.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\plugins\UI\safedrv.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-06-17 47360]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2009-08-10 387616]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2009-08-10 178720]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-06-10 75136]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
S2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 BBSvc;Bing Bar Update Service; C:\Program Files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-16 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Adobe Flash Player - Facebook Virus

#2 Post by vyosek »

Hello and good evening :)

:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com
:arrow: Apply exeHelper by Raktor
:arrow: Apply RogueKiller
stell wrote: use RogueKiller > run it > press 2 > [enter], paste the log here
http://www.viry.cz/forum/viewtopic.php? ... 05#p981205
:arrow: Then RogueKiller again, this time with option 3, and afterwards once more with option 4

:arrow: RKill, eXeHelper and RogueKiller should each produce a log; paste them here for me
"Who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids amusement, take a whip and a stick to him: that is not a man, that is an ox."
Member since 1 February 2011.

Princ_krasoň
Visitor
Posts: 7
Registered: 26 Jul 2011 20:28

Re: Adobe Flash Player - Facebook Virus

#3 Post by Princ_krasoň »

Thank you for taking me on. Once we have solved it, I will definitely send something toward running the forum.

Otherwise, in RK I did not use option 2, because I was not sure whether I was supposed to or not ...

Here are the logs:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 27.07.2011 at 10:33:41.
Operating System: Windows 7 Professional


Processes terminated by Rkill or while it was running:

ndows\system32\conhost.exe


--- ATTENTION ---

Windows was configured to use a proxy! Proxy settings have been removed.

The Proxy Server that was configured is:

If this was a valid setting, please double-click on the rk-proxy.reg file on your desktop and allow the data to be merged to restore your proxy settings.


Rkill completed on 27.07.2011 at 10:33:52.

----------------------------------------

exeHelper by Raktor
Build 20100414
Run at 10:38:37 on 07/27/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

---------------------------------------

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: home [Admin rights]
Mode: Scan -- Date : 07/27/2011 10:41:02

Bad processes: 0

Registry Entries: 3
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt

----------------------------------------

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: home [Admin rights]
Mode: HOSTSFix -- Date : 07/27/2011 10:44:41

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

----------------------------------------

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: home [Admin rights]
Mode: ProxyFix -- Date : 07/27/2011 10:45:34

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
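
The RogueKiller scan above shows facebook.com, vk.com and odnoklassniki.ru entries pointed at 127.0.0.1 in the HOSTS file, which is what blocked those sites, and the HOSTSFix run reset the file to the single localhost line. As an added example that is not part of this thread or of any tool used in it, the following Python check parses hosts-file text (a constructed sample modelled on the report's excerpt) and flags names other than the standard loopback names that are mapped to a loopback or unspecified address.

```python
"""Flag hosts-file entries that sinkhole well-known sites to loopback."""
import ipaddress

# Constructed sample modelled on the HOSTS excerpt in the RogueKiller report.
# The intranet line is a constructed legitimate entry, included so the check
# shows that ordinary LAN mappings are left alone.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vk.com
127.0.0.1 facebook.com
127.0.0.1 cs-cz.facebook.com
::1       localhost
192.168.1.10 intranet.example   # legitimate LAN entry (constructed)
"""

# Names that legitimately map to loopback in a default Windows hosts file.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs, ignoring comments and blank lines.

    A hosts line is "<address> <name> [<name> ...]" with '#' starting a comment.
    Lines whose first field is not a valid IP address are skipped, not raised.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; a scanner should not crash on it
        for name in fields[1:]:
            yield ip, name.lower()


def suspicious_entries(text):
    """Return [(ip, hostname)] for names mapped to a loopback or unspecified
    address that are not standard loopback names.

    Such a mapping makes the browser connect to the local machine instead of
    the real site, which is exactly the facebook.com/vk.com effect in the log.
    """
    hits = []
    for ip, name in parse_hosts(text):
        if name in LOOPBACK_NAMES:
            continue
        if ip.is_loopback or ip.is_unspecified:
            hits.append((str(ip), name))
    return hits


def summarize(hits):
    """Collapse per-locale subdomains (af-za.facebook.com, cs-cz.facebook.com,
    ...) to their parent domain so a long hijack list reads as a short report."""
    counts = {}
    for _ip, name in hits:
        labels = name.split(".")
        base = ".".join(labels[-2:]) if len(labels) >= 2 else name
        counts[base] = counts.get(base, 0) + 1
    return counts


if __name__ == "__main__":
    found = suspicious_entries(SAMPLE_HOSTS)
    for ip, name in found:
        print(f"sinkholed: {name} -> {ip}")
    print("by domain:", summarize(found))
```

On a live Windows machine the same functions can be pointed at the contents of %SystemRoot%\System32\drivers\etc\hosts; an empty result, or only localhost lines, matches the "Resetted HOSTS" state shown in the second report.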

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Adobe Flash Player - Facebook Virus

#4 Post by vyosek »

Great, but now RogueKiller with option 2 - it was not in the instructions for nothing :D

Princ_krasoň
Visitor
Posts: 7
Registered: 26 Jul 2011 20:28

Re: Adobe Flash Player - Facebook Virus

#5 Post by Princ_krasoň »

Ok, I did not notice that :boxed:

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: home [Admin rights]
Mode: Remove -- Date : 07/27/2011 10:55:17

Bad processes: 0

Registry Entries: 3
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Adobe Flash Player - Facebook Virus

#6 Post by vyosek »

Fine, let's move on :James008:

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST BE APPLIED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
:arrow: Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Immediately after it starts, a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone - do not start any applications and do not click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily infested it may take longer
  • After the scan finishes and any restart, CF displays a log; otherwise you will find it at C:\ComboFix.txt. Paste its contents here
  • Detailed instructions incl. pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

Princ_krasoň
Visitor
Posts: 7
Registered: 26 Jul 2011 20:28

Re: Adobe Flash Player - Facebook Virus

#7 Post by Princ_krasoň »

ComboFix 11-07-27.01 - home 27.07.2011 11:41:31.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.958.544 [GMT 2:00]
Spuštěný z: c:\users\home\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\home\AppData\Roaming\inst.exe
c:\users\home\AppData\Roaming\Microsoft\Windows\Recent\[SUMOTorrent.com]_top_gear_17x04.pif
c:\users\home\AppData\Roaming\pcouffin.sys
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-27 do 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-26 19:29 . 2011-07-26 19:30 -------- d-----w- c:\program files\trend micro
2011-07-26 19:29 . 2011-07-26 19:30 -------- d-----w- C:\rsit
2011-07-26 13:16 . 2011-07-20 07:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E121BB8A-A1A5-4EF6-A3CB-760FE0F01A7B}\mpengine.dll
2011-07-18 15:45 . 2011-07-18 15:45 -------- d-----w- c:\users\home\AppData\Local\ElevatedDiagnostics
2011-07-18 10:23 . 2011-07-18 10:24 -------- d-----w- c:\windows\ufa
2011-07-18 10:23 . 2011-07-18 10:24 -------- d-----w- c:\windows\rpcminer
2011-07-18 10:23 . 2011-07-18 10:24 -------- d-----w- c:\windows\phoenix
2011-07-18 10:23 . 2011-07-18 10:25 246272 ----a-w- c:\windows\unrar.exe
2011-07-18 10:20 . 2011-07-18 10:20 -------- d-----w- c:\windows\av_ico
2011-07-18 10:19 . 2011-07-18 13:06 -------- d--h--w- c:\windows\update.tray-14-0
2011-07-18 10:19 . 2011-07-18 13:06 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-07-17 19:18 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93D604E1-BC2A-4C87-97EE-6E8914439C82}\mpengine.dll
2011-07-15 18:43 . 2011-07-15 18:43 -------- d-----w- c:\program files\uTorrent
2011-07-15 18:42 . 2011-07-15 18:42 -------- d-----w- c:\users\home\AppData\Local\uTorrent
2011-07-07 15:28 . 2011-07-07 15:28 -------- d-----w- c:\program files\DVDFab 8 Qt
2011-06-29 11:21 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 11:21 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 11:21 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 11:21 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 11:21 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 11:21 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 11:21 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 11:21 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 11:21 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 11:21 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 17:52 . 2010-12-01 19:44 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2010-12-01 19:44 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-20 08:02 . 2011-05-16 07:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-10 17:09 . 2011-06-10 16:56 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-10 17:09 . 2011-06-10 17:09 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-06-10 17:09 . 2011-06-10 16:55 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-10 16:56 . 2011-06-10 16:56 138056 ----a-w- c:\users\home\AppData\Roaming\PnkBstrK.sys
2011-06-10 16:55 . 2011-06-10 16:55 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-06-10 16:55 . 2011-06-10 16:55 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-06-07 15:55 . 2010-06-18 11:49 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-29 11:06 . 2011-05-28 19:50 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-05-29 11:06 . 2011-05-28 19:50 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-05-29 11:06 . 2011-05-28 19:50 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-05-24 17:14 . 2010-06-15 19:48 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-13 15:57 . 2011-05-13 15:57 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-13 15:57 . 2011-05-13 15:57 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-13 15:57 . 2011-05-13 15:57 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-13 15:57 . 2011-05-13 15:57 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-13 15:57 . 2011-05-13 15:57 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-13 15:57 . 2011-05-13 15:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-13 15:57 . 2011-05-13 15:57 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-13 15:57 . 2011-05-13 15:57 367104 ----a-w- c:\windows\system32\html.iec
2011-05-13 15:57 . 2011-05-13 15:57 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-13 15:57 . 2011-05-13 15:57 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-13 15:57 . 2011-05-13 15:57 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-13 15:57 . 2011-05-13 15:57 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-13 15:57 . 2011-05-13 15:57 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-13 15:57 . 2011-05-13 15:57 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-13 15:57 . 2011-05-13 15:57 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-13 15:57 . 2011-05-13 15:57 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-13 15:57 . 2011-05-13 15:57 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-13 15:57 . 2011-05-13 15:57 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-13 15:57 . 2011-05-13 15:57 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-04 02:52 . 2010-06-18 06:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-03 04:30 . 2011-06-16 17:17 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:46 . 2011-06-16 17:17 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:46 . 2011-06-16 17:17 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:46 . 2011-06-16 17:17 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-07-08 07:29 . 2011-07-18 15:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-07-18 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-07-18 14:03 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-07-18 14:03 3911776 ----a-w- c:\program files\uTorrentBar\tbuTo1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-07-18 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-07-18 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-07-18 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-06 7440928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Shrink Pic.lnk - c:\program files\Shrink Pic\shrink_pic.exe [2006-8-18 2740299]
Spc.lnk - c:\program files\Smart PC Solutions\Smart Parental Control\SPC.exe [2010-7-19 239104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R1 MpKsl0063f815;MpKsl0063f815;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3458851-023B-4DDB-8CA1-0B85ABEB3805}\MpKsl0063f815.sys [x]
R1 MpKsl02dd2625;MpKsl02dd2625;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F7D18DB-C9EA-4214-93E0-7403CC4429BB}\MpKsl02dd2625.sys [x]
R1 MpKsl0674f855;MpKsl0674f855;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96BE75F2-ABAF-4226-A591-1C734E620DE2}\MpKsl0674f855.sys [x]
R1 MpKsl0ae7e203;MpKsl0ae7e203;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BCAC227-0BF0-439C-95F8-C81D4B375017}\MpKsl0ae7e203.sys [x]
R1 MpKsl104393c8;MpKsl104393c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0D503AB-BBB7-41B4-9B2F-DF1C276570E4}\MpKsl104393c8.sys [x]
R1 MpKsl14fe82b8;MpKsl14fe82b8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8DB6A1AB-6DAC-4553-8FD7-C9706735892F}\MpKsl14fe82b8.sys [x]
R1 MpKsl18f8f5c0;MpKsl18f8f5c0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{543708DF-82F2-44E7-B1C8-55979485BAC9}\MpKsl18f8f5c0.sys [x]
R1 MpKsl1ab1a668;MpKsl1ab1a668;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A36B28CC-F498-4949-AF2A-F0C5C271C85B}\MpKsl1ab1a668.sys [x]
R1 MpKsl24e81932;MpKsl24e81932;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC672909-9A93-4C2D-93AA-0261892EB01E}\MpKsl24e81932.sys [x]
R1 MpKsl35c7542b;MpKsl35c7542b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE2FCE07-212F-4F19-A4FA-C861A27F7A4F}\MpKsl35c7542b.sys [x]
R1 MpKsl3816f7db;MpKsl3816f7db;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5FCB3F72-F28A-4CFB-8CB6-C7471D8A1844}\MpKsl3816f7db.sys [x]
R1 MpKsl3dacc3aa;MpKsl3dacc3aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC273C21-339A-423B-8B97-2D7D89D39C79}\MpKsl3dacc3aa.sys [x]
R1 MpKsl440a305a;MpKsl440a305a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C1F1952-FAEA-443F-A03B-7BA0C6260F0E}\MpKsl440a305a.sys [x]
R1 MpKsl457e04b5;MpKsl457e04b5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97B2355E-7A54-49D4-9FDC-44AD3676B696}\MpKsl457e04b5.sys [x]
R1 MpKsl4860d71f;MpKsl4860d71f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{615F3308-E8F7-4F4B-A400-F0B8C6C0E5B2}\MpKsl4860d71f.sys [x]
R1 MpKsl4fc2d408;MpKsl4fc2d408;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09927ADB-91BD-4150-A3C0-6CB1A57B52C0}\MpKsl4fc2d408.sys [x]
R1 MpKsl57995996;MpKsl57995996;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A11EAF0E-BAA4-48C1-8CEA-3FD830784228}\MpKsl57995996.sys [x]
R1 MpKsl58945cf3;MpKsl58945cf3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36535B46-C0C2-4012-B710-254922444A3E}\MpKsl58945cf3.sys [x]
R1 MpKsl593d9342;MpKsl593d9342;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CBF2E45-4047-483E-A833-E7A8754DC34B}\MpKsl593d9342.sys [x]
R1 MpKsl5a85c8c2;MpKsl5a85c8c2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9095412-552C-4353-8E89-D58DBFAE9CE4}\MpKsl5a85c8c2.sys [x]
R1 MpKsl6b5838cd;MpKsl6b5838cd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3962A08-C8BD-4606-84AA-E73F1D97E215}\MpKsl6b5838cd.sys [x]
R1 MpKsl81c7909e;MpKsl81c7909e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB83F64F-EBC0-485D-B3EE-D6E7524D0777}\MpKsl81c7909e.sys [x]
R1 MpKsl87399180;MpKsl87399180;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59E89992-754F-4D4A-A9DE-CD04A4956874}\MpKsl87399180.sys [x]
R1 MpKsl8fecfa3c;MpKsl8fecfa3c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1539738C-760E-4BE4-A486-ECAD15643CDF}\MpKsl8fecfa3c.sys [x]
R1 MpKsl9222a899;MpKsl9222a899;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D4FE67D-FDC7-47AD-AAC2-716FBFDB0544}\MpKsl9222a899.sys [x]
R1 MpKsl9fed2fe2;MpKsl9fed2fe2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB167799-7293-46C5-BB35-370500E66239}\MpKsl9fed2fe2.sys [x]
R1 MpKsla58dda3a;MpKsla58dda3a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56BC2C96-C886-4CEC-8E40-F463C9AD72D8}\MpKsla58dda3a.sys [x]
R1 MpKslab89ca62;MpKslab89ca62;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{65DECFCD-12B6-4F1D-A074-92BF9B914C3F}\MpKslab89ca62.sys [x]
R1 MpKslaca52889;MpKslaca52889;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5FD7867C-0D36-4C9B-9349-2A1CF6F9DA57}\MpKslaca52889.sys [x]
R1 MpKslaf600b1f;MpKslaf600b1f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B436B8EE-8587-4F7E-B51F-F59FAC44A7F1}\MpKslaf600b1f.sys [x]
R1 MpKslb2923b3f;MpKslb2923b3f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5FD7867C-0D36-4C9B-9349-2A1CF6F9DA57}\MpKslb2923b3f.sys [x]
R1 MpKslb694cf98;MpKslb694cf98;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56BC2C96-C886-4CEC-8E40-F463C9AD72D8}\MpKslb694cf98.sys [x]
R1 MpKslb78c3529;MpKslb78c3529;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1539738C-760E-4BE4-A486-ECAD15643CDF}\MpKslb78c3529.sys [x]
R1 MpKslba3458e8;MpKslba3458e8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2931284-2CA3-4169-BF5E-ABA63A8E01DE}\MpKslba3458e8.sys [x]
R1 MpKslbaa5e15a;MpKslbaa5e15a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02BAC0E8-FA69-40F5-B5BF-B375860B486F}\MpKslbaa5e15a.sys [x]
R1 MpKslc21aa3c1;MpKslc21aa3c1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{77296DFF-9A15-4E50-9848-948D6419C032}\MpKslc21aa3c1.sys [x]
R1 MpKslc6db4631;MpKslc6db4631;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43916DBF-83B7-4CF6-901F-6DB9AC805B5B}\MpKslc6db4631.sys [x]
R1 MpKslc9e66ebe;MpKslc9e66ebe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{377E017F-765F-4619-A7F3-F2946505F1AF}\MpKslc9e66ebe.sys [x]
R1 MpKsld8e040d1;MpKsld8e040d1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{37B792B6-6117-4708-9556-08FC3AC4B47D}\MpKsld8e040d1.sys [x]
R1 MpKsldc2bb4ec;MpKsldc2bb4ec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE982F16-1152-4555-9A2C-22B69EF34CDA}\MpKsldc2bb4ec.sys [x]
R1 MpKsldea8e7e2;MpKsldea8e7e2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC273C21-339A-423B-8B97-2D7D89D39C79}\MpKsldea8e7e2.sys [x]
R1 MpKsldf4e3d29;MpKsldf4e3d29;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42704F7A-D344-4C19-9852-18C1023D8EB0}\MpKsldf4e3d29.sys [x]
R1 MpKsldf7642d6;MpKsldf7642d6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3A08EA29-F594-4A46-BAB9-9ADA5620A842}\MpKsldf7642d6.sys [x]
R1 MpKsle052bf63;MpKsle052bf63;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BDEAAE47-041B-4A70-8B00-1D0D94E66382}\MpKsle052bf63.sys [x]
R1 MpKsle17898ca;MpKsle17898ca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E352444-7DDF-4597-AF64-4F21C1EDFB3C}\MpKsle17898ca.sys [x]
R1 MpKslf6a9e8dd;MpKslf6a9e8dd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76874009-EB8A-4056-84F9-363584D642BF}\MpKslf6a9e8dd.sys [x]
R1 MpKslf77d92b2;MpKslf77d92b2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2F8EA45-F88B-49C9-9945-DCF75C59B6AA}\MpKslf77d92b2.sys [x]
R1 MpKslfd485ba0;MpKslfd485ba0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{543708DF-82F2-44E7-B1C8-55979485BAC9}\MpKslfd485ba0.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\plugins\UI\safedrv.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-16 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-19 691696]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-19 14:47]
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-19 14:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: Interfaces\{CC1EB1C3-5280-4EC7-BAA1-9D143BA2DD9F}: NameServer = 172.16.0.5,172.16.10.1
FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\w8dsnbiw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2463487&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-MSC - c:\program files\Microsoft Security Client\msseces.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-AP Guitar Tuner 1.02 - c:\program files\Audio Phonics
AddRemove-Microsoft Security Client - c:\program files\Microsoft Security Client\Setup.exe
AddRemove-Native Instruments - Rig Kontrol 3 Driver - c:\program files\Native Instruments\Rig Kontrol 3 Driver\uninst.exe Software\Native Instruments\Rig Kontrol 3 Driver\Setup
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-07-27 11:49:28
ComboFix-quarantined-files.txt 2011-07-27 09:49
.
Před spuštěním: 7 937 527 808
Po spuštění: 7 878 152 192
.
- - End Of File - - 903D80F6C822217F357784FEB4B7FA88

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Adobe Flash Player - Facebook Virus

#8 Post by vyosek »

:arrow: Rename ComboFix to pitomec.com so you realise that you don't click on junk :)

:arrow: If you haven't already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    File::
    c:\windows\Tasks\Google Software Updater.job
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    
    Collect::
    c:\windows\unrar.exe
    
    Driver::
    ICQ Service
    gupdatem
    gupdate
    
    Folder::
    c:\windows\ufa
    c:\program files\uTorrentBar
    c:\program files\Ask.com
    c:\windows\rpcminer
    c:\windows\phoenix
    c:\windows\av_ico
    c:\windows\update.tray-14-0
    c:\windows\update.tray-14-0-lnk
    
    Firefox::
    FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\w8dsnbiw.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.7&q=
    
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
    [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    "Adobe ARM"=-
    "SunJavaUpdateSched"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000000
    "DisableThumbnailCache"=dword:00000000
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and release it (see picture below)
    [image]
  • After the script is applied (and a possible restart) a log will pop up; paste its contents here
:arrow: It can happen that Windows does not boot after the script is applied; in that case restart the PC, press F8 and choose Last Known Good Configuration
"Whoever has wine and doesn't drink it, whoever has grapes and doesn't eat them, whoever has a wife and doesn't kiss her, whoever shuns merriment, take a whip and a stick to him; that's not a man, that's an ox."
Member since 1 February 2011.

Princ_krasoň
Visitor
Posts: 7
Joined: 26 Jul 2011 20:28

Re: Adobe Flash Player - Facebook Virus

#9 Post by Princ_krasoň »

ComboFix 11-07-27.01 - home 27.07.2011 17:22:45.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.958.296 [GMT 2:00]
Spuštěný z: c:\users\home\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\home\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Google Software Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
file zipped: c:\windows\unrar.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_561c.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\uTorrentBar
c:\program files\uTorrentBar\GottenAppsContextMenu.xml
c:\program files\uTorrentBar\INSTALL.LOG
c:\program files\uTorrentBar\OtherAppsContextMenu.xml
c:\program files\uTorrentBar\SharedAppsContextMenu.xml
c:\program files\uTorrentBar\tbuTo1.dll
c:\program files\uTorrentBar\tbuTor.dll
c:\program files\uTorrentBar\toolbar.cfg
c:\program files\uTorrentBar\ToolbarContextMenu.xml
c:\program files\uTorrentBar\UNWISE.EXE
c:\program files\uTorrentBar\uTorrentBarToolbarHelper.exe
c:\windows\av_ico
c:\windows\av_ico\ico_Essentials_start.ico
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.tray-14-0-lnk
c:\windows\update.tray-14-0
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-27 do 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-27 15:29 . 2011-07-27 15:31 -------- d-----w- c:\users\home\AppData\Local\temp
2011-07-27 15:29 . 2011-07-27 15:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-26 19:29 . 2011-07-26 19:30 -------- d-----w- c:\program files\trend micro
2011-07-26 19:29 . 2011-07-26 19:30 -------- d-----w- C:\rsit
2011-07-26 13:16 . 2011-07-20 07:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E121BB8A-A1A5-4EF6-A3CB-760FE0F01A7B}\mpengine.dll
2011-07-18 15:45 . 2011-07-18 15:45 -------- d-----w- c:\users\home\AppData\Local\ElevatedDiagnostics
2011-07-17 19:18 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93D604E1-BC2A-4C87-97EE-6E8914439C82}\mpengine.dll
2011-07-15 18:43 . 2011-07-15 18:43 -------- d-----w- c:\program files\uTorrent
2011-07-15 18:42 . 2011-07-15 18:42 -------- d-----w- c:\users\home\AppData\Local\uTorrent
2011-07-07 15:28 . 2011-07-07 15:28 -------- d-----w- c:\program files\DVDFab 8 Qt
2011-06-29 11:21 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 11:21 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 11:21 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 11:21 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 11:21 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 11:21 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 11:21 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 11:21 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 11:21 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 11:21 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 17:52 . 2010-12-01 19:44 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2010-12-01 19:44 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-20 08:02 . 2011-05-16 07:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-10 17:09 . 2011-06-10 16:56 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-10 17:09 . 2011-06-10 17:09 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-06-10 17:09 . 2011-06-10 16:55 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-10 16:56 . 2011-06-10 16:56 138056 ----a-w- c:\users\home\AppData\Roaming\PnkBstrK.sys
2011-06-10 16:55 . 2011-06-10 16:55 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-06-10 16:55 . 2011-06-10 16:55 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-06-07 15:55 . 2010-06-18 11:49 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-29 11:06 . 2011-05-28 19:50 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-05-29 11:06 . 2011-05-28 19:50 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-05-29 11:06 . 2011-05-28 19:50 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-05-24 17:14 . 2010-06-15 19:48 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-13 15:57 . 2011-05-13 15:57 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-13 15:57 . 2011-05-13 15:57 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-13 15:57 . 2011-05-13 15:57 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-13 15:57 . 2011-05-13 15:57 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-13 15:57 . 2011-05-13 15:57 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-13 15:57 . 2011-05-13 15:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-13 15:57 . 2011-05-13 15:57 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-13 15:57 . 2011-05-13 15:57 367104 ----a-w- c:\windows\system32\html.iec
2011-05-13 15:57 . 2011-05-13 15:57 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-13 15:57 . 2011-05-13 15:57 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-13 15:57 . 2011-05-13 15:57 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-13 15:57 . 2011-05-13 15:57 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-13 15:57 . 2011-05-13 15:57 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-13 15:57 . 2011-05-13 15:57 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-13 15:57 . 2011-05-13 15:57 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-13 15:57 . 2011-05-13 15:57 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-13 15:57 . 2011-05-13 15:57 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-13 15:57 . 2011-05-13 15:57 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-13 15:57 . 2011-05-13 15:57 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-04 02:52 . 2010-06-18 06:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-03 04:30 . 2011-06-16 17:17 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:46 . 2011-06-16 17:17 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:46 . 2011-06-16 17:17 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:46 . 2011-06-16 17:17 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-07-08 07:29 . 2011-07-18 15:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-06 7440928]
.
c:\users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Shrink Pic.lnk - c:\program files\Shrink Pic\shrink_pic.exe [2006-8-18 2740299]
Spc.lnk - c:\program files\Smart PC Solutions\Smart Parental Control\SPC.exe [2010-7-19 239104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl0063f815;MpKsl0063f815;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3458851-023B-4DDB-8CA1-0B85ABEB3805}\MpKsl0063f815.sys [x]
R1 MpKsl02dd2625;MpKsl02dd2625;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F7D18DB-C9EA-4214-93E0-7403CC4429BB}\MpKsl02dd2625.sys [x]
R1 MpKsl0674f855;MpKsl0674f855;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96BE75F2-ABAF-4226-A591-1C734E620DE2}\MpKsl0674f855.sys [x]
R1 MpKsl0ae7e203;MpKsl0ae7e203;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BCAC227-0BF0-439C-95F8-C81D4B375017}\MpKsl0ae7e203.sys [x]
R1 MpKsl104393c8;MpKsl104393c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0D503AB-BBB7-41B4-9B2F-DF1C276570E4}\MpKsl104393c8.sys [x]
R1 MpKsl14fe82b8;MpKsl14fe82b8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8DB6A1AB-6DAC-4553-8FD7-C9706735892F}\MpKsl14fe82b8.sys [x]
R1 MpKsl18f8f5c0;MpKsl18f8f5c0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{543708DF-82F2-44E7-B1C8-55979485BAC9}\MpKsl18f8f5c0.sys [x]
R1 MpKsl1ab1a668;MpKsl1ab1a668;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A36B28CC-F498-4949-AF2A-F0C5C271C85B}\MpKsl1ab1a668.sys [x]
R1 MpKsl24e81932;MpKsl24e81932;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC672909-9A93-4C2D-93AA-0261892EB01E}\MpKsl24e81932.sys [x]
R1 MpKsl35c7542b;MpKsl35c7542b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE2FCE07-212F-4F19-A4FA-C861A27F7A4F}\MpKsl35c7542b.sys [x]
R1 MpKsl3816f7db;MpKsl3816f7db;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5FCB3F72-F28A-4CFB-8CB6-C7471D8A1844}\MpKsl3816f7db.sys [x]
R1 MpKsl3dacc3aa;MpKsl3dacc3aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC273C21-339A-423B-8B97-2D7D89D39C79}\MpKsl3dacc3aa.sys [x]
R1 MpKsl440a305a;MpKsl440a305a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C1F1952-FAEA-443F-A03B-7BA0C6260F0E}\MpKsl440a305a.sys [x]
R1 MpKsl457e04b5;MpKsl457e04b5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97B2355E-7A54-49D4-9FDC-44AD3676B696}\MpKsl457e04b5.sys [x]
R1 MpKsl4860d71f;MpKsl4860d71f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{615F3308-E8F7-4F4B-A400-F0B8C6C0E5B2}\MpKsl4860d71f.sys [x]
R1 MpKsl4fc2d408;MpKsl4fc2d408;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09927ADB-91BD-4150-A3C0-6CB1A57B52C0}\MpKsl4fc2d408.sys [x]
R1 MpKsl57995996;MpKsl57995996;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A11EAF0E-BAA4-48C1-8CEA-3FD830784228}\MpKsl57995996.sys [x]
R1 MpKsl58945cf3;MpKsl58945cf3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36535B46-C0C2-4012-B710-254922444A3E}\MpKsl58945cf3.sys [x]
R1 MpKsl593d9342;MpKsl593d9342;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CBF2E45-4047-483E-A833-E7A8754DC34B}\MpKsl593d9342.sys [x]
R1 MpKsl5a85c8c2;MpKsl5a85c8c2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9095412-552C-4353-8E89-D58DBFAE9CE4}\MpKsl5a85c8c2.sys [x]
R1 MpKsl6b5838cd;MpKsl6b5838cd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3962A08-C8BD-4606-84AA-E73F1D97E215}\MpKsl6b5838cd.sys [x]
R1 MpKsl81c7909e;MpKsl81c7909e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB83F64F-EBC0-485D-B3EE-D6E7524D0777}\MpKsl81c7909e.sys [x]
R1 MpKsl87399180;MpKsl87399180;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59E89992-754F-4D4A-A9DE-CD04A4956874}\MpKsl87399180.sys [x]
R1 MpKsl8fecfa3c;MpKsl8fecfa3c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1539738C-760E-4BE4-A486-ECAD15643CDF}\MpKsl8fecfa3c.sys [x]
R1 MpKsl9222a899;MpKsl9222a899;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D4FE67D-FDC7-47AD-AAC2-716FBFDB0544}\MpKsl9222a899.sys [x]
R1 MpKsl9fed2fe2;MpKsl9fed2fe2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB167799-7293-46C5-BB35-370500E66239}\MpKsl9fed2fe2.sys [x]
R1 MpKsla58dda3a;MpKsla58dda3a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56BC2C96-C886-4CEC-8E40-F463C9AD72D8}\MpKsla58dda3a.sys [x]
R1 MpKslab89ca62;MpKslab89ca62;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{65DECFCD-12B6-4F1D-A074-92BF9B914C3F}\MpKslab89ca62.sys [x]
R1 MpKslaca52889;MpKslaca52889;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5FD7867C-0D36-4C9B-9349-2A1CF6F9DA57}\MpKslaca52889.sys [x]
R1 MpKslaf600b1f;MpKslaf600b1f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B436B8EE-8587-4F7E-B51F-F59FAC44A7F1}\MpKslaf600b1f.sys [x]
R1 MpKslb2923b3f;MpKslb2923b3f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5FD7867C-0D36-4C9B-9349-2A1CF6F9DA57}\MpKslb2923b3f.sys [x]
R1 MpKslb694cf98;MpKslb694cf98;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56BC2C96-C886-4CEC-8E40-F463C9AD72D8}\MpKslb694cf98.sys [x]
R1 MpKslb78c3529;MpKslb78c3529;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1539738C-760E-4BE4-A486-ECAD15643CDF}\MpKslb78c3529.sys [x]
R1 MpKslba3458e8;MpKslba3458e8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2931284-2CA3-4169-BF5E-ABA63A8E01DE}\MpKslba3458e8.sys [x]
R1 MpKslbaa5e15a;MpKslbaa5e15a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02BAC0E8-FA69-40F5-B5BF-B375860B486F}\MpKslbaa5e15a.sys [x]
R1 MpKslc21aa3c1;MpKslc21aa3c1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{77296DFF-9A15-4E50-9848-948D6419C032}\MpKslc21aa3c1.sys [x]
R1 MpKslc6db4631;MpKslc6db4631;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43916DBF-83B7-4CF6-901F-6DB9AC805B5B}\MpKslc6db4631.sys [x]
R1 MpKslc9e66ebe;MpKslc9e66ebe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{377E017F-765F-4619-A7F3-F2946505F1AF}\MpKslc9e66ebe.sys [x]
R1 MpKsld8e040d1;MpKsld8e040d1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{37B792B6-6117-4708-9556-08FC3AC4B47D}\MpKsld8e040d1.sys [x]
R1 MpKsldc2bb4ec;MpKsldc2bb4ec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE982F16-1152-4555-9A2C-22B69EF34CDA}\MpKsldc2bb4ec.sys [x]
R1 MpKsldea8e7e2;MpKsldea8e7e2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC273C21-339A-423B-8B97-2D7D89D39C79}\MpKsldea8e7e2.sys [x]
R1 MpKsldf4e3d29;MpKsldf4e3d29;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42704F7A-D344-4C19-9852-18C1023D8EB0}\MpKsldf4e3d29.sys [x]
R1 MpKsldf7642d6;MpKsldf7642d6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3A08EA29-F594-4A46-BAB9-9ADA5620A842}\MpKsldf7642d6.sys [x]
R1 MpKsle052bf63;MpKsle052bf63;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BDEAAE47-041B-4A70-8B00-1D0D94E66382}\MpKsle052bf63.sys [x]
R1 MpKsle17898ca;MpKsle17898ca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E352444-7DDF-4597-AF64-4F21C1EDFB3C}\MpKsle17898ca.sys [x]
R1 MpKslf6a9e8dd;MpKslf6a9e8dd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76874009-EB8A-4056-84F9-363584D642BF}\MpKslf6a9e8dd.sys [x]
R1 MpKslf77d92b2;MpKslf77d92b2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2F8EA45-F88B-49C9-9945-DCF75C59B6AA}\MpKslf77d92b2.sys [x]
R1 MpKslfd485ba0;MpKslfd485ba0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{543708DF-82F2-44E7-B1C8-55979485BAC9}\MpKslfd485ba0.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 CFcatchme;CFcatchme;c:\users\home\AppData\Local\Temp\CFcatchme.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\plugins\UI\safedrv.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-16 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-19 691696]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: Interfaces\{CC1EB1C3-5280-4EC7-BAA1-9D143BA2DD9F}: NameServer = 172.16.0.5,172.16.10.1
FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\w8dsnbiw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-uTorrentBar Toolbar - c:\progra~1\UTORRE~1\UNWISE.EXE
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1912)
c:\program files\Shrink Pic\shrinkpici.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\taskhost.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2011-07-27 17:34:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-27 15:34
ComboFix2.txt 2011-07-27 09:49
.
Před spuštěním: 7 653 191 680
Po spuštění: 7 880 060 928
.
- - End Of File - - 261351FBDCA28107119E4DAF30C90563
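Checking a ComboFix run against the script that drove it, as an added example (not part of the thread, of ComboFix, or of the helper's instructions): the CFScript in post #8 names the File::, Folder:: and Driver:: targets, and the log in post #9 lists under "Ostatní výmazy" and "Ovladače/Služby" what was actually removed. The Python below parses both and reports each target as confirmed removed or absent from the log. The sample data are shortened excerpts of that script and log; the banner format, the `-------\Service_<name>` convention and the path handling are assumptions about how this ComboFix build writes its log.

```python
"""Cross-check a CFScript against the ComboFix log it produced: which File::,
Folder:: and Driver:: targets does the log confirm as removed?
Example written for this thread; sample data are excerpts of the posted script and log."""
import re

# Excerpt of the CFScript from post #8 (constructed subset, entries verbatim).
CFSCRIPT = r"""KillAll::
File::
c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Driver::
ICQ Service
gupdatem
gupdate
Folder::
c:\windows\ufa
c:\program files\uTorrentBar
c:\program files\Ask.com
c:\windows\rpcminer
c:\windows\phoenix
c:\windows\av_ico
c:\windows\update.tray-14-0
c:\windows\update.tray-14-0-lnk
Reboot::
"""

# Excerpt of the ComboFix log from post #9 (deletion and service sections, shortened).
COMBOFIX_LOG = r"""((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Ask.com
c:\program files\uTorrentBar\tbuTor.dll
c:\windows\av_ico\ico_Essentials_start.ico
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\ufa\ufa.exe
c:\windows\update.tray-14-0-lnk
c:\windows\update.tray-14-0
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Service_gupdate
-------\Service_gupdatem
"""

SECTION_RE = re.compile(r"^(\w+)::$")          # CFScript section header, e.g. Folder::
PATH_RE = re.compile(r"^[a-zA-Z]:\\")           # a Windows path
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")  # ((( section title ))) line in the log
SERVICE_RE = re.compile(r"^-+\\Service_(.+)$")  # -------\Service_<name> removal line

def parse_cfscript(text: str) -> dict[str, list[str]]:
    """Split a CFScript into {section: [entries]} keyed on its Name:: headers."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def deleted_paths(log: str, banner: str = "Ostatní výmazy") -> list[str]:
    """Paths listed under the given banner ('other deletions' in this Czech build)."""
    paths: list[str] = []
    inside = False
    for raw in log.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:
            inside = m.group(1) == banner   # any new banner opens or closes the section
        elif inside and PATH_RE.match(line):
            paths.append(line)
    return paths

def removed_services(log: str) -> list[str]:
    """Service names the log reports as removed."""
    return [m.group(1) for m in map(SERVICE_RE.match, map(str.strip, log.splitlines())) if m]

def verify_cleanup(cfscript: str, log: str) -> dict[str, str]:
    """Map every File::, Folder:: and Driver:: target to 'removed' or 'not in log'."""
    sections = parse_cfscript(cfscript)
    deleted = {p.lower() for p in deleted_paths(log)}
    services = {s.lower() for s in removed_services(log)}
    status: dict[str, str] = {}
    for target in sections.get("File", []):
        status[target] = "removed" if target.lower() in deleted else "not in log"
    for folder in sections.get("Folder", []):
        # A folder counts as removed when the log lists it or anything beneath it.
        prefix = folder.lower() + "\\"
        hit = folder.lower() in deleted or any(p.startswith(prefix) for p in deleted)
        status[folder] = "removed" if hit else "not in log"
    for svc in sections.get("Driver", []):
        status[svc] = "removed" if svc.lower() in services else "not in log"
    return status

if __name__ == "__main__":
    for target, state in verify_cleanup(CFSCRIPT, COMBOFIX_LOG).items():
        print(f"{state:11} {target}")
```

Run on these excerpts, every folder and the two GoogleUpdateTask jobs come back as removed, while "Google Software Updater.job" and "ICQ Service" are reported as not in the log. That matches the posted log: the FILE :: echo at its top repeats all three requested jobs, but only two appear in the deletion section, and only gupdate and gupdatem appear as removed services.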

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Adobe Flash Player - Facebook Virus

#10 Post by vyosek »

Somehow you didn't rename ComboFix :D No matter :wink:

How is the PC behaving :???:

Princ_krasoň
Visitor
Posts: 7
Joined: 26 Jul 2011 20:28

Re: Adobe Flash Player - Facebook Virus

#11 Post by Princ_krasoň »

Yeah! I meant to, but somehow I forgot about it :cry:

CPU load stays low, 2x-3x lower than when the virus was present, and everything else works too. Thanks very much once again for the help, within a week I'll hopefully send something as a reward :D

Princ_krasoň
Visitor
Posts: 7
Joined: 26 Jul 2011 20:28

Re: Adobe Flash Player - Facebook Virus

#12 Post by Princ_krasoň »

Well, there is probably one thing, but I don't know if it's related to the virus - videos sometimes crash, for example on videacesky.cz ...

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Adobe Flash Player - Facebook Virus

#13 Post by vyosek »

Try reinstalling Flash Player

On behalf of the whole team, thank you for any support of the forum :)
