prosba o pomoc - FB vir

[sammuray]

Dobrý den. Prosím o pomoc s odstraněním fb viru.
Zde je log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Otas at 2011-07-31 09:43:54
Microsoft Windows 7 Home Premium
System drive C: has 74 GB (62%) free of 119 GB
Total RAM: 3884 MB (52% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
"C:\Windows\system32\FBAgent.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"D:\programy\Advanced SystemCare 4\ASCService.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
"C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe"
"C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe"
C:\Windows\update.5.0\svchost.exe srv
C:\Windows\update.2\svchost.exe srv
"C:\Windows\update.5.0\svchost.exe" stand
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\update.1\svchost.exe srv
C:\Windows\system32\wbem\wmiprvse.exe
WLIDSvcM.exe 2684
"D:\programy\HDD Health\HDDHealth.exe" -wl
C:\Windows\system32\SearchIndexer.exe /Embedding
"taskhost.exe"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Windows\system32\Dwm.exe"
taskeng.exe {B4DF1E55-CC3B-4A96-9418-8DA83E7F16E2}
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe"
"C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe"
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
"C:\Windows\update.2\svchost.exe" stand
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
"D:\programy\Advanced SystemCare 4\PMonitor.exe"
C:\Windows\system32\wbem\wmiprvse.exe
ATKOSD.exe
WDC.exe
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"C:\Windows\update.tray-8-0\svchost.exe"
"C:\Windows\sysdriver32_.exe" rezerv
"C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe"
"C:\Windows\AsScrPro.exe"
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Windows\l1rezerv.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"D:\programy\NetWorx\networx.exe" /auto
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe"
"C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe" /f=srs_premium_sound_nopreset.zip
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "E:\"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\system32\wuauclt.exe"
"taskhost.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
"C:\Users\Otas\Desktop\Nová složka (2)\RSITx64 (1).exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08 68960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-23 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-04-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 162328]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 417304]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-01-13 635784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [2009-06-24 272952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4]
D:\programy\Advanced SystemCare 4\ASCTray.exe [2011-04-21 402832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2010-04-24 3054136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS WebStorage]
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [2009-12-24 1736704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth]
D:\programy\HDD Health\HDDHealth.exe [2008-06-15 1692672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDInspector.exe]
C:\Program Files (x86)\Hard Drive Inspector\HDInspector.exe [2010-10-11 3145464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2011-05-25 1951112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetWorx]
D:\programy\NetWorx\networx.exe [2010-06-22 2944512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeQ Client]
C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe [2010-03-31 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartAudio]
C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2009-11-19 307768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-06-06 3318784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-01-07 253672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UfSeAgnt.exe]
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2010-02-23 1022904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2009-07-02 1079584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-04-24 12862]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk]
C:\Windows\INSTAL~1\{E5CF6~1\NEWSHO~4.EXE [2010-04-24 156952]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-02-04 7350912]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2010-01-05 170624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"wxpdrv"=C:\Windows\services32.exe [2011-07-17 1170432]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-8-0\svchost.exe [2011-07-17 1170432]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"7356255.exe"=C:\Windows\Temp\7356255.exe [2011-07-17 232960]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe rezerv []
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-07-17 232960]
"8539531.exe"=C:\Windows\Temp\8539531.exe [2011-07-17 483328]
"conhost"=C:\Users\Otas\AppData\Roaming\Microsoft\conhost.exe [2011-07-18 169472]
"systemup"=C:\Windows\systemup.exe stand []
"l1rezerv.exe"=C:\Windows\l1rezerv.exe [2011-07-17 110592]
"6260567.exe"=C:\Windows\Temp\6260567.exe [2011-07-17 232960]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Network Server.lnk - C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-02-11 272896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 month======

2011-07-31 09:37:37 ----D---- C:\rsit
2011-07-18 20:24:43 ----D---- C:\Windows\av_ico
2011-07-17 21:36:38 ----A---- C:\Windows\l1rezerv.exe
2011-07-17 21:36:11 ----A---- C:\Windows\ddh_iplist.txt
2011-07-17 21:34:23 ----A---- C:\Windows\gbot111.exe
2011-07-17 21:34:06 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-17 21:33:41 ----HD---- C:\Windows\update.2
2011-07-17 21:27:50 ----A---- C:\Windows\unrar.exe
2011-07-17 21:25:55 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-17 21:25:39 ----A---- C:\Windows\sysdriver32_.exe
2011-07-17 21:25:34 ----HD---- C:\Windows\update.5.0
2011-07-17 21:25:30 ----A---- C:\Windows\iplist.txt
2011-07-17 21:24:51 ----A---- C:\Windows\front_ip_list.txt
2011-07-17 21:23:51 ----HD---- C:\Windows\update.1
2011-07-17 21:23:50 ----HD---- C:\Windows\update.tray-8-0-lnk
2011-07-17 21:23:50 ----HD---- C:\Windows\update.tray-8-0
2011-07-17 21:14:10 ----A---- C:\Windows\winlog-ids.txt
2011-07-17 21:14:10 ----A---- C:\Windows\winlog-dirs.txt
2011-07-17 21:14:04 ----A---- C:\Windows\services32.exe
2011-07-13 19:57:02 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 19:57:01 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-07-13 19:57:01 ----A---- C:\Windows\system32\wow64win.dll
2011-07-13 19:57:01 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 19:57:01 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 19:57:00 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-07-13 19:57:00 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-07-13 19:57:00 ----A---- C:\Windows\system32\wow64.dll
2011-07-13 19:57:00 ----A---- C:\Windows\system32\ntvdm64.dll
2011-07-13 19:56:59 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-07-13 19:56:59 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-07-13 19:56:59 ----A---- C:\Windows\system32\wow64cpu.dll
2011-07-13 19:56:55 ----A---- C:\Windows\SYSWOW64\user.exe
2011-07-13 19:56:50 ----A---- C:\Windows\SYSWOW64\esent.dll
2011-07-13 19:56:50 ----A---- C:\Windows\system32\esent.dll
2011-07-13 19:56:50 ----A---- C:\Windows\system32\drivers\storport.sys
2011-07-13 19:56:50 ----A---- C:\Windows\system32\drivers\nvstor.sys
2011-07-13 19:56:50 ----A---- C:\Windows\system32\drivers\nvraid.sys
2011-07-13 19:56:50 ----A---- C:\Windows\system32\drivers\ntfs.sys
2011-07-13 19:56:50 ----A---- C:\Windows\system32\drivers\amdxata.sys
2011-07-13 19:56:50 ----A---- C:\Windows\system32\drivers\amdsata.sys
2011-07-13 19:56:49 ----A---- C:\Windows\SYSWOW64\fsutil.exe
2011-07-13 19:56:49 ----A---- C:\Windows\system32\fsutil.exe
2011-07-13 19:56:49 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2011-07-13 19:56:49 ----A---- C:\Windows\system32\drivers\iaStorV.sys
2011-07-13 19:56:38 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-13 19:56:37 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-07-13 19:56:36 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 19:56:36 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 19:56:35 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 19:56:34 ----A---- C:\Windows\system32\drivers\usbport.sys
2011-07-13 19:56:34 ----A---- C:\Windows\system32\drivers\usbhub.sys
2011-07-13 19:56:34 ----A---- C:\Windows\system32\drivers\usbehci.sys
2011-07-13 19:56:32 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2011-07-13 19:56:32 ----A---- C:\Windows\system32\drivers\usbohci.sys
2011-07-13 19:56:32 ----A---- C:\Windows\system32\drivers\usbd.sys
2011-07-13 19:56:32 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2011-07-13 19:56:31 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS
2011-07-13 19:56:31 ----A---- C:\Windows\system32\drivers\bthport.sys
2011-07-13 19:56:30 ----A---- C:\Windows\system32\win32k.sys
2011-07-13 19:53:18 ----SHD---- C:\Config.Msi

======List of files/folders modified in the last 1 month======

2011-07-31 09:43:56 ----D---- C:\Windows\Temp
2011-07-31 09:43:32 ----D---- C:\Windows\Prefetch
2011-07-31 09:29:05 ----D---- C:\Windows\system32\config
2011-07-31 08:42:23 ----SHD---- C:\System Volume Information
2011-07-31 08:28:02 ----HD---- C:\ProgramData
2011-07-31 08:27:56 ----D---- C:\Windows\system32\Tasks
2011-07-31 08:27:45 ----D---- C:\ProgramData\NVIDIA
2011-07-31 08:27:45 ----A---- C:\Windows\SYSWOW64\log.txt
2011-07-30 20:02:04 ----D---- C:\Users\Otas\AppData\Roaming\AIMP
2011-07-29 22:39:35 ----D---- C:\Windows\Logs
2011-07-21 21:20:33 ----D---- C:\Windows\system32\drivers\etc
2011-07-18 22:22:34 ----A---- C:\Windows\system32\AutoRunFilter.ini
2011-07-18 21:59:12 ----SD---- C:\Users\Otas\AppData\Roaming\Microsoft
2011-07-18 21:10:13 ----D---- C:\Windows
2011-07-18 20:55:01 ----D---- C:\Program Files (x86)\Spyware Terminator
2011-07-18 20:54:59 ----D---- C:\Users\Otas\AppData\Roaming\Spyware Terminator
2011-07-18 20:51:33 ----D---- C:\ProgramData\Spyware Terminator
2011-07-18 20:24:32 ----A---- C:\Windows\system32\ServiceFilter.ini
2011-07-17 21:23:51 ----RD---- C:\Program Files (x86)
2011-07-14 13:01:15 ----D---- C:\Windows\rescache
2011-07-14 10:34:11 ----D---- C:\Windows\winsxs
2011-07-14 10:18:57 ----D---- C:\Windows\system32\catroot2
2011-07-13 23:26:43 ----D---- C:\Windows\SysWOW64
2011-07-13 23:26:43 ----D---- C:\Windows\System32
2011-07-13 23:26:42 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-07-13 23:26:42 ----D---- C:\Windows\system32\drivers
2011-07-13 23:26:42 ----D---- C:\Windows\system32\cs-CZ
2011-07-13 23:26:40 ----D---- C:\Windows\system32\DriverStore
2011-07-13 23:26:40 ----D---- C:\Windows\AppPatch
2011-07-13 20:00:47 ----A---- C:\Windows\system32\MRT.exe
2011-07-13 20:00:44 ----SHD---- C:\Windows\Installer
2011-07-13 20:00:34 ----D---- C:\ProgramData\Microsoft Help
2011-07-13 19:56:24 ----D---- C:\Windows\system32\catroot
2011-07-12 19:55:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-12 19:55:28 ----D---- C:\Windows\inf
2011-07-06 19:46:06 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AsDsm;AsDsm; C:\Windows\system32\drivers\AsDsm.sys [2010-04-24 35384]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-12-17 538136]
R0 lullaby;lullaby; C:\Windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2010-10-08 24680]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-22 834544]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-06-30 123784]
R1 PSSDK42;PSSDK42; \??\C:\Windows\system32\Drivers\pssdk42.sys [2010-10-26 53312]
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2009-09-29 107536]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-06-30 88288]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys [2010-07-07 50696]
R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys [2010-07-30 42576]
R2 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys [2010-07-30 309840]
R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys [2010-07-30 1988176]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\Windows\SYSTEM32\DRIVERS\WibuKey64.sys [2006-11-22 107008]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2009-10-30 704512]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-01-18 128512]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 33856]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-02-11 10628640]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2009-11-26 244736]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2009-08-18 143472]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits); C:\Windows\system32\DRIVERS\JME.sys [2010-02-25 115312]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-05 1806400]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552448]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-07-01 98344]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-07-01 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-01 21160]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 61792]
S3 NLNdisMP;NLNdisMP; C:\Windows\system32\DRIVERS\nlndis.sys []
S3 NLNdisPT;NetLimiter Ndis Protocol Service; C:\Windows\system32\DRIVERS\nlndis.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2011-06-07 109056]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]
S4 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2005-08-10 68608]
S4 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2005-05-16 7168]
S4 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2005-11-03 89600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService;Advanced SystemCare Service; D:\programy\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2009-12-08 379520]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-02 864032]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-10-01 262144]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-10-08 990312]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-10-08 1641064]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-10-26 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2010-10-26 107832]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2010-10-09 859712]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2011-06-06 948775]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-07-17 340480]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-07-17 483328]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-08 369256]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
R2 wlidsvc;Windows Live ID Sign-in Assistant; c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-07-17 1170432]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe []
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe []
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 135664]
S2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe srv []
S3 ADSMService;ADSM Service; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280]
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 135664]
S3 HDDSvc;HDD Information Service; C:\Program Files (x86)\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe [2010-10-11 458488]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2009-09-29 570632]
S3 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-09-29 917768]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-24 1255736]
S3 WkSvw32.exe;WIBU-KEY Server; C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe [2006-11-22 577536]

-----------------EOF-----------------

[Danstahr]

Dobré dopoledne ,

Stáhněte MBAM a vložte sem jeho log podle návodu zde, při výběru skenu zvolte Úplný sken.

Zatím nic nemažte, MBAM může mít falešné detekce!

[sammuray]

stáhnul jsem novou verzi malwarebytes, provedl úplný sken ,jeden proces jsem dal do karantény, zde je log:


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Verze databáze: 7035

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31.7.2011 13:01:29
mbam-log-2011-07-31 (13-01-18).txt

Typ: Úplná kontrola (C:\|D:\|)
Kontrolované objekty: 349290
Uplynulý čas: 38 minut, 40 sekund

Infikované procesy v paměti: 9
Infikované moduly v paměti: 0
Infikované klíče v registru: 6
Infikované hodnoty v registru: 7
Infikované datové položky v registru: 4
Infikované složky: 0
Infikované soubory: 23

Infikované procesy v paměti:
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> 2724 -> No action taken.
c:\Windows\update.tray-8-0\svchost.exe (Trojan.Dropper) -> 4616 -> No action taken.
c:\Windows\l1rezerv.exe (Backdoor.Delf) -> 696 -> No action taken.
c:\Windows\sysdriver32_.exe (Trojan.Delf) -> 4644 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 2332 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 3640 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 6872 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2224 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2360 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Backdoor.Delf) -> Value: l1rezerv.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Delf) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-8-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\l1rezerv.exe (Backdoor.Delf) -> No action taken.
c:\Windows\services32.exe (Trojan.Dropper) -> No action taken.
c:\Users\Otas\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\T44SNGYE\flash-player[1].exe (Trojan.Dropper) -> No action taken.
c:\Users\Otas\AppData\Local\Opera\Opera\cache\g_0006\opr01RVY.tmp (Trojan.Dropper) -> No action taken.
c:\Windows\AutoKMS.exe (RiskWare.Tool.CK) -> No action taken.
c:\Windows\Temp\1411189.exe (Backdoor.Delf) -> No action taken.
c:\Windows\Temp\8233192.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\8260672.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\8817463.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.tray-8-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
d:\flash-player.exe (Trojan.Dropper) -> No action taken.
d:\Download\office2007\keygen.exe (RiskWare.Tool.CK) -> No action taken.
d:\games\Mafia 2\mafia 2 cz + crack\Crack\Phx_data\Res\EmuCfg.exe (Trojan.Agent) -> No action taken.
d:\games\Mafia 2\mafia 2 cz + crack\Crack\Phx_data\Res\GCFMgr.exe (Trojan.Agent) -> No action taken.
d:\games\Mafia 2\mafia 2 cz + crack\Crack\Phx_data\Res\RICO.exe (Backdoor.Bot) -> No action taken.
d:\games\Mafia 2\mafia 2 cz + crack\Crack\Phx_data\Res\ss.exe (Backdoor.Bot) -> No action taken.
c:\Users\Otas\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> No action taken.
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> No action taken.
c:\Windows\sysdriver32_.exe (Trojan.Delf) -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.

[Danstahr]

Infekci nalezenou MBAMem smažte.


Pozor! Tato utilita má velkou schopnost mazat a její použití je určeno výhradně členům týmu tohoto fóra. Svévolné použití může vést ke zboření a reinstalaci systému

Stáhněte ComboFix a uložte jej na Plochu.

Vypněte všechny rezidentní štíty antivirů a všechny programy běžící na pozadí.
Spusťte ComboFix s administrátorským oprávněním.
Potvrďte licenční podmínky a případně i instalaci konzoly pro zotavení
Během skenu nechte počítač naprosto v klidu.
Sken trvá zhruba 15 minut, ale doba se může lišit v závislosti na stavu systému
Po dokončení skenu se zobrazí log (pokud by se neotevřel, lze jej nalézt na systémovém disku jako ComboFix.txt), obsah logu vložte sem
ComboFixu si do dalšího pokynu nevšímejte

[sammuray]

log z combofixu

ComboFix 11-07-31.02 - Otas 31.07.2011 13:50:43.1.4 - x64
Microsoft Windows 7 Home Premium
Spuštěný z: c:\users\Otas\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\programdata\FullRemove.exe
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\gbot111.exe
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\proc_list1.log
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\Temp\6260567.exe
c:\windows\Temp\7356255.exe
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-31 )))))))))))))))))))))))))))))))
.
.
2011-07-31 11:57 . 2011-07-31 11:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-07-31 11:57 . 2011-07-31 11:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-31 10:12 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-31 10:04 . 2011-07-31 10:04 -------- d-----w- c:\users\Otas\AppData\Roaming\Malwarebytes
2011-07-31 10:04 . 2011-07-31 10:04 -------- d-----w- c:\programdata\Malwarebytes
2011-07-31 10:04 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-31 07:37 . 2011-07-31 07:37 -------- d-----w- C:\rsit
2011-07-18 18:24 . 2011-07-18 18:24 -------- d-----w- c:\windows\av_ico
2011-07-17 19:27 . 2011-07-17 19:27 246272 ----a-w- c:\windows\unrar.exe
2011-07-17 19:23 . 2011-07-31 11:47 -------- d--h--w- c:\windows\update.tray-8-0
2011-07-17 19:23 . 2011-07-31 11:47 -------- d--h--w- c:\windows\update.tray-8-0-lnk
2011-07-13 17:57 . 2011-06-02 06:45 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-13 17:57 . 2011-06-02 06:44 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 17:57 . 2011-06-02 06:35 338944 ----a-w- c:\windows\system32\conhost.exe
2011-07-13 17:57 . 2011-06-02 06:45 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-13 17:57 . 2011-06-02 06:42 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-13 17:57 . 2011-06-02 05:59 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-13 17:57 . 2011-06-02 05:56 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-12 15:48 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{960687F0-2038-407F-82B7-5BC1905B17CA}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-30 09:36 . 2011-01-05 20:28 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-30 09:36 . 2011-01-05 20:28 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-29 18:56 . 2011-06-29 18:56 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-06-29 18:56 . 2011-06-29 18:56 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-06-29 18:56 . 2011-06-29 18:56 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 18:56 . 2011-06-29 18:56 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-06-29 18:56 . 2011-06-29 18:56 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-06-29 18:55 . 2011-06-29 18:55 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2011-06-29 18:55 . 2011-06-29 18:55 75264 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 18:55 . 2011-06-29 18:55 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2011-06-29 18:55 . 2011-06-29 18:55 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2011-06-29 18:55 . 2011-06-29 18:55 593408 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 18:55 . 2011-06-29 18:55 428032 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2011-06-29 18:55 . 2011-06-29 18:55 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2011-06-29 18:55 . 2011-06-29 18:55 2326016 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 18:55 . 2011-06-29 18:55 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2011-06-29 18:55 . 2011-06-29 18:55 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2011-06-29 18:55 . 2011-06-29 18:55 1553920 ----a-w- c:\windows\SysWow64\tquery.dll
2011-06-29 18:55 . 2011-06-29 18:55 1401856 ----a-w- c:\windows\SysWow64\mssrch.dll
2011-06-29 18:55 . 2011-06-29 18:55 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 18:55 . 2011-06-29 18:55 491520 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 18:55 . 2011-06-29 18:55 779264 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 18:55 . 2011-06-29 18:55 288256 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 18:55 . 2011-06-29 18:55 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 18:55 . 2011-06-29 18:55 2228224 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 18:54 . 2011-06-29 18:54 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-06-29 18:54 . 2011-06-29 18:54 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-29 18:54 . 2011-06-29 18:54 482816 ----a-w- c:\windows\system32\html.iec
2011-06-29 18:54 . 2011-06-29 18:54 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-29 18:54 . 2011-06-29 18:54 386048 ----a-w- c:\windows\SysWow64\html.iec
2011-06-29 18:54 . 2011-06-29 18:54 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-06-29 18:54 . 2011-06-29 18:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-29 18:54 . 2011-06-29 18:54 1197056 ----a-w- c:\windows\system32\wininet.dll
2011-06-29 18:52 . 2011-06-29 18:52 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-29 18:52 . 2011-06-29 18:52 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-29 18:52 . 2011-06-29 18:52 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-29 18:52 . 2011-06-29 18:52 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-29 18:52 . 2011-06-29 18:52 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-29 18:51 . 2011-06-29 18:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-29 18:51 . 2011-06-29 18:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-29 18:51 . 2011-06-29 18:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-29 18:51 . 2011-06-29 18:51 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-29 18:51 . 2011-06-29 18:51 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-07 02:39 . 2011-06-07 02:39 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-06-07 02:39 . 2011-06-07 02:39 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-06-07 02:39 . 2011-06-07 02:39 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-06-07 02:39 . 2011-06-07 02:39 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-06-07 02:39 . 2011-06-07 02:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-06-07 02:39 . 2011-06-07 02:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-06-07 02:38 . 2011-06-07 02:38 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-06-07 02:38 . 2011-06-07 02:38 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-06-07 02:38 . 2011-06-07 02:38 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-06-07 02:38 . 2011-06-07 02:38 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-06-07 02:38 . 2011-06-07 02:38 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-06-07 02:38 . 2011-06-07 02:38 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-07 02:38 . 2011-06-07 02:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-06-07 02:38 . 2011-06-07 02:38 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-06-07 02:38 . 2011-06-07 02:38 109056 ----a-w- c:\windows\system32\drivers\sdbus.sys
2011-06-02 05:56 . 2011-07-13 17:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-24 17:14 . 2010-10-22 11:04 270720 ------w- c:\windows\system32\MpSigStub.exe
2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Malwarebytes' Anti-Malware"="d:\programy\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"Malwarebytes' Anti-Malware (reboot)"="d:\programy\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="d:\programy\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Network Server.lnk - c:\program files (x86)\WIBUKEY\Server\WkSvMgr.exe [2011-4-8 3768320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [x]
S2 AdvancedSystemCareService;Advanced SystemCare Service;d:\programy\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-10-07 1641064]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMPROTECTOR
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 07:36]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 07:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:62747
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico1 - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
Wow6432Node-HKLM-Run-systemup - c:\windows\systemup.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Avira AntiVir Desktop - c:\program files (x86)\Avira\AntiVir Desktop\setup.exe
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-07-31 14:00:32
ComboFix-quarantined-files.txt 2011-07-31 12:00
.
Před spuštěním: Volných bajtů: 77 847 187 456
Po spuštění: Volných bajtů: 77 737 492 480
.
- - End Of File - - 6D2E326848E653FFC50836DC6BF4A8F4

[Danstahr]

Prosím o strpení, koukám na F1 , pak napíšu dočišťovací skript.

[Danstahr]

Otevřete Poznámkový blok, vložte do něj následující text a uložte soubor na Plochu jako CFScript.txt. Pak soubor přetáhněte na ikonu ComboFixu (viz obrázek). Po restartu se otevře log, ten sem vložte.

Kód: Vybrat vše

killall::

files::
c:\windows\unrar.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

folder::
c:\windows\av_ico
c:\windows\update.tray-8-0
c:\windows\update.tray-8-0-lnk

registry::
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"=dword:00000001

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Driver::
gupdate
gupdatem

reboot::

[sammuray]

zde je log:

ComboFix 11-07-31.02 - Otas 31.07.2011 18:26:50.2.4 - x64
Microsoft Windows 7 Home Premium
Spuštěný z: c:\users\Otas\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Otas\Desktop\CFScript.txt
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\av_ico
c:\windows\av_ico\ico_avira_start.ico
c:\windows\update.tray-8-0-lnk
c:\windows\update.tray-8-0
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-31 )))))))))))))))))))))))))))))))
.
.
2011-07-31 16:35 . 2011-07-31 16:35 0 ---ha-w- c:\users\Otas\AppData\Local\BITBAC9.tmp
2011-07-31 16:31 . 2011-07-31 16:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-07-31 10:12 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-31 10:04 . 2011-07-31 10:04 -------- d-----w- c:\users\Otas\AppData\Roaming\Malwarebytes
2011-07-31 10:04 . 2011-07-31 10:04 -------- d-----w- c:\programdata\Malwarebytes
2011-07-31 10:04 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-31 07:37 . 2011-07-31 07:37 -------- d-----w- C:\rsit
2011-07-17 19:27 . 2011-07-17 19:27 246272 ----a-w- c:\windows\unrar.exe
2011-07-13 17:57 . 2011-06-02 06:45 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-13 17:57 . 2011-06-02 06:44 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 17:57 . 2011-06-02 06:35 338944 ----a-w- c:\windows\system32\conhost.exe
2011-07-13 17:57 . 2011-06-02 06:45 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-13 17:57 . 2011-06-02 06:42 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-13 17:57 . 2011-06-02 05:59 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-13 17:57 . 2011-06-02 05:56 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-12 15:48 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{960687F0-2038-407F-82B7-5BC1905B17CA}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-30 09:36 . 2011-01-05 20:28 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-30 09:36 . 2011-01-05 20:28 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-29 18:56 . 2011-06-29 18:56 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-06-29 18:56 . 2011-06-29 18:56 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-06-29 18:56 . 2011-06-29 18:56 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 18:56 . 2011-06-29 18:56 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-06-29 18:56 . 2011-06-29 18:56 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-06-29 18:55 . 2011-06-29 18:55 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2011-06-29 18:55 . 2011-06-29 18:55 75264 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 18:55 . 2011-06-29 18:55 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2011-06-29 18:55 . 2011-06-29 18:55 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2011-06-29 18:55 . 2011-06-29 18:55 593408 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 18:55 . 2011-06-29 18:55 428032 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2011-06-29 18:55 . 2011-06-29 18:55 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2011-06-29 18:55 . 2011-06-29 18:55 2326016 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 18:55 . 2011-06-29 18:55 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2011-06-29 18:55 . 2011-06-29 18:55 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2011-06-29 18:55 . 2011-06-29 18:55 1553920 ----a-w- c:\windows\SysWow64\tquery.dll
2011-06-29 18:55 . 2011-06-29 18:55 1401856 ----a-w- c:\windows\SysWow64\mssrch.dll
2011-06-29 18:55 . 2011-06-29 18:55 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 18:55 . 2011-06-29 18:55 491520 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 18:55 . 2011-06-29 18:55 779264 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 18:55 . 2011-06-29 18:55 288256 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 18:55 . 2011-06-29 18:55 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 18:55 . 2011-06-29 18:55 2228224 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 18:54 . 2011-06-29 18:54 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-06-29 18:54 . 2011-06-29 18:54 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-29 18:54 . 2011-06-29 18:54 482816 ----a-w- c:\windows\system32\html.iec
2011-06-29 18:54 . 2011-06-29 18:54 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-29 18:54 . 2011-06-29 18:54 386048 ----a-w- c:\windows\SysWow64\html.iec
2011-06-29 18:54 . 2011-06-29 18:54 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-06-29 18:54 . 2011-06-29 18:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-29 18:54 . 2011-06-29 18:54 1197056 ----a-w- c:\windows\system32\wininet.dll
2011-06-29 18:52 . 2011-06-29 18:52 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-29 18:52 . 2011-06-29 18:52 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-29 18:52 . 2011-06-29 18:52 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-29 18:52 . 2011-06-29 18:52 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-29 18:52 . 2011-06-29 18:52 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-29 18:51 . 2011-06-29 18:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-29 18:51 . 2011-06-29 18:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-29 18:51 . 2011-06-29 18:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-29 18:51 . 2011-06-29 18:51 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-29 18:51 . 2011-06-29 18:51 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-07 02:39 . 2011-06-07 02:39 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-06-07 02:39 . 2011-06-07 02:39 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-06-07 02:39 . 2011-06-07 02:39 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-06-07 02:39 . 2011-06-07 02:39 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-06-07 02:39 . 2011-06-07 02:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-06-07 02:39 . 2011-06-07 02:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-06-07 02:38 . 2011-06-07 02:38 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-06-07 02:38 . 2011-06-07 02:38 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-06-07 02:38 . 2011-06-07 02:38 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-06-07 02:38 . 2011-06-07 02:38 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-06-07 02:38 . 2011-06-07 02:38 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-06-07 02:38 . 2011-06-07 02:38 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-07 02:38 . 2011-06-07 02:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-06-07 02:38 . 2011-06-07 02:38 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-06-07 02:38 . 2011-06-07 02:38 109056 ----a-w- c:\windows\system32\drivers\sdbus.sys
2011-06-02 05:56 . 2011-07-13 17:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-24 17:14 . 2010-10-22 11:04 270720 ------w- c:\windows\system32\MpSigStub.exe
2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-31_11.58.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-07-31 06:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-07-31 16:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-07-31 16:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-31 06:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-31 16:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-31 06:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-23 01:37 . 2011-07-31 16:32 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-23 01:37 . 2011-07-31 06:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-23 01:37 . 2011-07-31 06:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-23 01:37 . 2011-07-31 16:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-31 16:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-31 06:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-22 10:57 . 2011-07-31 06:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-22 10:57 . 2011-07-31 16:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-22 10:57 . 2011-07-31 16:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-22 10:57 . 2011-07-31 06:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-22 10:57 . 2011-07-31 16:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-22 10:57 . 2011-07-31 06:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-22 10:40 . 2011-07-31 11:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-22 10:40 . 2011-07-31 16:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-22 10:40 . 2011-07-31 11:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-22 10:40 . 2011-07-31 16:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-31 06:27 . 2011-07-31 06:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-31 16:32 . 2011-07-31 16:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-31 06:27 . 2011-07-31 06:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-31 16:32 . 2011-07-31 16:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-07-30 21:32 441100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-31 16:31 441100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Malwarebytes' Anti-Malware"="d:\programy\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Network Server.lnk - c:\program files (x86)\WIBUKEY\Server\WkSvMgr.exe [2011-4-8 3768320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-09-29 917768]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WkSvw32.exe;WIBU-KEY Server;c:\program files (x86)\WIBUKEY\Server\WkSvw32.exe [2006-11-22 577536]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdvancedSystemCareService;Advanced SystemCare Service;d:\programy\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
S2 MBAMService;MBAMService;d:\programy\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-10-07 1641064]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-07 369256]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 07:36]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 07:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF21022.cfxxe" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:62747
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
d:\programy\Advanced SystemCare 4\PMonitor.exe
d:\programy\HDD Health\HDDHealth.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
d:\programy\NetWorx\networx.exe
.
**************************************************************************
.
Celkový čas: 2011-07-31 18:39:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-31 16:39
ComboFix2.txt 2011-07-31 12:00
.
Před spuštěním: Volných bajtů: 77 801 082 880
Po spuštění: Volných bajtů: 77 148 778 496
.
- - End Of File - - 68817D6A41F22E8B51EAFE9E4580BCB2

[Danstahr]

Ve skriptu byla malá chybka, opakujte prosím předchozí krok s tímto skriptem :

Kód: Vybrat vše

file::
c:\windows\unrar.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

[sammuray]

provedeno, zde je log:


ComboFix 11-07-31.02 - Otas 31.07.2011 18:58:10.3.4 - x64
Microsoft Windows 7 Home Premium
Spuštěný z: c:\users\Otas\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Otas\Desktop\CFScript.txt
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\unrar.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-31 )))))))))))))))))))))))))))))))
.
.
2011-07-31 17:02 . 2011-07-31 17:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-07-31 17:02 . 2011-07-31 17:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-31 10:12 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-31 10:04 . 2011-07-31 10:04 -------- d-----w- c:\users\Otas\AppData\Roaming\Malwarebytes
2011-07-31 10:04 . 2011-07-31 10:04 -------- d-----w- c:\programdata\Malwarebytes
2011-07-31 10:04 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-31 07:37 . 2011-07-31 07:37 -------- d-----w- C:\rsit
2011-07-13 17:57 . 2011-06-02 06:45 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-13 17:57 . 2011-06-02 06:44 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 17:57 . 2011-06-02 06:35 338944 ----a-w- c:\windows\system32\conhost.exe
2011-07-13 17:57 . 2011-06-02 06:45 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-13 17:57 . 2011-06-02 06:42 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-13 17:57 . 2011-06-02 05:59 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-13 17:57 . 2011-06-02 05:56 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-12 15:48 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{960687F0-2038-407F-82B7-5BC1905B17CA}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-30 09:36 . 2011-01-05 20:28 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-30 09:36 . 2011-01-05 20:28 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-29 18:56 . 2011-06-29 18:56 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-06-29 18:56 . 2011-06-29 18:56 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-06-29 18:56 . 2011-06-29 18:56 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 18:56 . 2011-06-29 18:56 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-06-29 18:56 . 2011-06-29 18:56 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-06-29 18:55 . 2011-06-29 18:55 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2011-06-29 18:55 . 2011-06-29 18:55 75264 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 18:55 . 2011-06-29 18:55 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2011-06-29 18:55 . 2011-06-29 18:55 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2011-06-29 18:55 . 2011-06-29 18:55 593408 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 18:55 . 2011-06-29 18:55 428032 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2011-06-29 18:55 . 2011-06-29 18:55 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2011-06-29 18:55 . 2011-06-29 18:55 2326016 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 18:55 . 2011-06-29 18:55 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2011-06-29 18:55 . 2011-06-29 18:55 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2011-06-29 18:55 . 2011-06-29 18:55 1553920 ----a-w- c:\windows\SysWow64\tquery.dll
2011-06-29 18:55 . 2011-06-29 18:55 1401856 ----a-w- c:\windows\SysWow64\mssrch.dll
2011-06-29 18:55 . 2011-06-29 18:55 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 18:55 . 2011-06-29 18:55 491520 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 18:55 . 2011-06-29 18:55 779264 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 18:55 . 2011-06-29 18:55 288256 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 18:55 . 2011-06-29 18:55 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 18:55 . 2011-06-29 18:55 2228224 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 18:54 . 2011-06-29 18:54 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-06-29 18:54 . 2011-06-29 18:54 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-29 18:54 . 2011-06-29 18:54 482816 ----a-w- c:\windows\system32\html.iec
2011-06-29 18:54 . 2011-06-29 18:54 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-29 18:54 . 2011-06-29 18:54 386048 ----a-w- c:\windows\SysWow64\html.iec
2011-06-29 18:54 . 2011-06-29 18:54 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-06-29 18:54 . 2011-06-29 18:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-29 18:54 . 2011-06-29 18:54 1197056 ----a-w- c:\windows\system32\wininet.dll
2011-06-29 18:52 . 2011-06-29 18:52 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-29 18:52 . 2011-06-29 18:52 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-29 18:52 . 2011-06-29 18:52 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-29 18:52 . 2011-06-29 18:52 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-29 18:52 . 2011-06-29 18:52 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-29 18:51 . 2011-06-29 18:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-29 18:51 . 2011-06-29 18:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-29 18:51 . 2011-06-29 18:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-29 18:51 . 2011-06-29 18:51 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-29 18:51 . 2011-06-29 18:51 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-07 02:39 . 2011-06-07 02:39 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-06-07 02:39 . 2011-06-07 02:39 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-06-07 02:39 . 2011-06-07 02:39 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-06-07 02:39 . 2011-06-07 02:39 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-06-07 02:39 . 2011-06-07 02:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-06-07 02:39 . 2011-06-07 02:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-06-07 02:38 . 2011-06-07 02:38 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-06-07 02:38 . 2011-06-07 02:38 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-06-07 02:38 . 2011-06-07 02:38 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-06-07 02:38 . 2011-06-07 02:38 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-06-07 02:38 . 2011-06-07 02:38 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-06-07 02:38 . 2011-06-07 02:38 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-07 02:38 . 2011-06-07 02:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-06-07 02:38 . 2011-06-07 02:38 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-06-07 02:38 . 2011-06-07 02:38 109056 ----a-w- c:\windows\system32\drivers\sdbus.sys
2011-06-02 05:56 . 2011-07-13 17:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-24 17:14 . 2010-10-22 11:04 270720 ------w- c:\windows\system32\MpSigStub.exe
2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-31_11.58.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-07-31 06:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-07-31 16:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-31 06:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-31 16:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-31 16:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-31 06:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-07-31 16:37 35956 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-07-31 06:29 35956 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-22 10:46 . 2011-07-31 16:37 16388 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1530778059-3406816446-1209970324-1002_UserData.bin
+ 2010-10-23 01:37 . 2011-07-31 16:32 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-23 01:37 . 2011-07-31 06:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-23 01:37 . 2011-07-31 16:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-23 01:37 . 2011-07-31 06:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-31 16:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-31 06:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-22 10:57 . 2011-07-31 16:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-22 10:57 . 2011-07-31 06:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-22 10:57 . 2011-07-31 16:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-22 10:57 . 2011-07-31 06:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-22 10:57 . 2011-07-31 06:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-22 10:57 . 2011-07-31 16:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-22 10:40 . 2011-07-31 11:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-22 10:40 . 2011-07-31 17:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-22 10:40 . 2011-07-31 17:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-22 10:40 . 2011-07-31 11:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-31 16:32 . 2011-07-31 16:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-31 06:27 . 2011-07-31 06:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-31 06:27 . 2011-07-31 06:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-31 16:32 . 2011-07-31 16:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-07-30 21:32 441100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-31 16:31 441100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2011-07-31 16:42 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-07-31 07:29 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Malwarebytes' Anti-Malware"="d:\programy\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Network Server.lnk - c:\program files (x86)\WIBUKEY\Server\WkSvMgr.exe [2011-4-8 3768320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-09-29 917768]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WkSvw32.exe;WIBU-KEY Server;c:\program files (x86)\WIBUKEY\Server\WkSvw32.exe [2006-11-22 577536]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdvancedSystemCareService;Advanced SystemCare Service;d:\programy\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
S2 MBAMService;MBAMService;d:\programy\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-10-07 1641064]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-07 369256]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:62747
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
Celkový čas: 2011-07-31 19:04:04
ComboFix-quarantined-files.txt 2011-07-31 17:04
ComboFix2.txt 2011-07-31 16:39
ComboFix3.txt 2011-07-31 12:00
.
Před spuštěním: Volných bajtů: 77 216 714 752
Po spuštění: Volných bajtů: 77 151 596 544
.
- - End Of File - - 0D7BE5B6C61A88DEF645D60DDE7DC047

[Danstahr]

Už je to lepší, omlouvám se. Od viru by mělo být čisto, ještě je potřeba přeinstalovat antivir. Po reinstalování hoďte kontrolní log z RSIT.

[sammuray]

Moc jste mi pomohl, mockrát díky. Kdybych ještě narazil na problém tak se ozvu. Hezký zbytek dne!

[Danstahr]

Pokud vše pojede bez problémů, po reinstalování antiviru tedy ještě vyčistěte PC od používaných programů. Některé antiviry mohou tyto utility chybně označit za vir, pokud by se tak stalo, hlášku ignorujte, popř. antivir dočasně vypněte. Po použití utility smažte.

Stiskněte současně klávesy Win (mezi CTRL a ALT, logo Windows) + R, do okna napište combofix /uninstall a stiskněte ENTER.

Stáhněte T-Cleaner. Potvrzování se provádí stisknutím A.

Stáhněte OTC, Spusťte jej a stiskněte CleanUp! Bude následovat restart.

Stáhněte TFC, spusťte jej a dejte Start.

Stáhněte CCleaner, nainstalujte a spusťte.

• Na záložce Čistič stiskněte tlačítko Spustit Cleaner
• Po provedení přepněte na záložku Registry, stiskněte Hledej problémy a poté Opravit vybrané problémy. Opakujte, dokud nebude po hledání problémů seznam prázdný.

[sammuray]

Všechny další testy ok, díky...

[Danstahr]

Není zač, a příště snad v preventivkách !