
PC virus removal, computer speed-up, remote help via the neslape.cz service
FB virus - please check the log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved. Likewise those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEWS!
You can now use the remote help service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Hello, I am also one of the group that was successfully attacked; I am posting the log below. Thanks a lot in advance!
Logfile of random's system information tool 1.09 (written by random/random)
Run by Del at 2011-10-30 17:30:37
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 300 GB (65%) free of 464 GB
Total RAM: 3764 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:30:43, on 30. 10. 2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\update.tray-12-0\svchost.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\update.tray-9-0\svchost.exe
C:\Windows\update.tray-8-0\svchost.exe
C:\Windows\sysdriver32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\BitTorrent\bittorrent.exe
E:\ceafex.exe
C:\Users\Del\biaxo.exe
F:\biaxox.exe
C:\Users\Del\AppData\Local\Temp\gnqeb.exe
C:\Users\Del\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Del\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Del\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Del\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Del\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Del.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (file missing)
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110922111632.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (file missing)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [wxpdrv] C:\Windows\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\Windows\update.tray-12-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\Windows\update.tray-9-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico2] C:\Windows\update.tray-8-0\svchost.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [5477912.exe] "C:\Windows\Temp\5477912.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\Windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\Windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [1712881.exe] "C:\Users\Del\AppData\Local\Temp\1712881.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [3045167.exe] "C:\Users\Del\AppData\Local\Temp\3045167.exe"
O4 - HKLM\..\Run: [6732105.exe] "C:\Users\Del\AppData\Local\Temp\6732105.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Del\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [biaxo] C:\Users\Del\biaxo.exe /N
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (file missing)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira Realtime Protection (AntiVirService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: ArcGIS License Manager - Unknown owner - C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - Unknown owner - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\Program Files\mcafee\VirusScan\mcods.exe (file missing)
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe (file missing)
O23 - Service: McAfee Firewall Core Service (mfefire) - Unknown owner - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe (file missing)
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: srvbtcclient - Unknown owner - C:\Windows\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\Windows\update.2\svchost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: wxpdrivers - Cronosoft - C:\Windows\update.1\svchost.exe
--
End of file - 15048 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}" --enable-wmi-window
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
"C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe"
"C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe"
"C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\update.1\svchost.exe srv
WLIDSvcM.exe 1252
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\igfxext.exe -Embedding
"C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
"C:\Program Files (x86)\Launch Manager\LManager.exe"
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
"C:\Windows\update.tray-12-0\svchost.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
"C:\Windows\update.tray-9-0\svchost.exe"
"C:\Windows\update.tray-8-0\svchost.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Windows\sysdriver32.exe" rezerv
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\update.2\svchost.exe srv
"C:\Windows\update.2\svchost.exe" stand
C:\Windows\update.5.0\svchost.exe srv
"C:\Windows\update.5.0\svchost.exe" stand
"C:\Windows\system32\wuauclt.exe"
C:\Windows\ufa\ufa.exe -o http://127.0.0.1:11163
\??\C:\Windows\system32\conhost.exe "-1572728352722682168-954945108744598432314434835-1345724833-11208652501063212062
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" /NOINSTALL
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"E:\ceafex.exe" webguard "C:\Programy\# INSTAL\wrar362cz.exe"
"C:\Users\Del\biaxo.exe"
"F:\biaxox.exe" DCIM
C:\Users\Del\AppData\Local\Temp\gnqeb.exe
"C:\Windows\update.2\svchost.exe" spamer
"C:\Windows\update.2\svchost.exe" spamer
"C:\Windows\update.2\svchost.exe" spamer
"C:\Windows\update.2\svchost.exe" spamer
"C:\Users\Del\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Del\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd10/SpdyImpact/npn_with_spdy/SuggestHostPrefix/Www_Prefix/WarmSocketImpact/warm_socket/ --enable-print-preview --channel=9352.077FB6E0.1278491251 /prefetch:3
C:\Windows\system32\rundll32.exe "C:\Users\Del\AppData\Local\Google\Chrome\APPLIC~1\150874~1.106\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\Del\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Del\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll" --lang=sk --channel=9352.09140A80.48772188 --flash-broker=10412 /prefetch:4
"C:\Users\Del\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd10/SpdyImpact/npn_with_spdy/SuggestHostPrefix/Www_Prefix/WarmSocketImpact/warm_socket/ --enable-print-preview --channel=9352.09B83580.1141752858 /prefetch:3
taskeng.exe {64BC58D6-37F3-4D34-8A9D-E2AAE76311C5}
"C:\Users\Del\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd10/SpdyImpact/npn_with_spdy/SuggestHostPrefix/Www_Prefix/WarmSocketImpact/warm_socket/ --enable-print-preview --channel=9352.09B83C60.266994017 /prefetch:3
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Del\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Acer Registration - Reminder Recall task.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4104132577-2480194942-3805754471-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4104132577-2480194942-3805754471-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110922111632.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110922111632.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2010-12-21 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02 1089288]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-30 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll []
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02 1089288]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-05-09 168216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-05-09 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-05-09 416024]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-03-28 2723624]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-05-17 11855976]
"Power Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2011-02-23 1796200]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Del\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 209904]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-10-13 17427080]
"biaxo"=C:\Users\Del\biaxo.exe [2011-10-30 361235]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []
"Norton Online Backup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-01 1155928]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-28 105328]
"BackupManagerTray"=C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [2011-04-24 297280]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2011-04-19 1097808]
"wxpdrv"=C:\Windows\services32.exe [2011-10-30 1189376]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-12-0\svchost.exe [2011-10-30 1109504]
"tray_ico1"=C:\Windows\update.tray-9-0\svchost.exe [2011-10-30 1109504]
"tray_ico2"=C:\Windows\update.tray-8-0\svchost.exe [2011-10-30 1109504]
"tray_ico3"= []
"tray_ico4"= []
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min []
"5477912.exe"=C:\Windows\Temp\5477912.exe [2011-10-30 343552]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-10-30 258048]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-10-30 258048]
"1712881.exe"=C:\Users\Del\AppData\Local\Temp\1712881.exe []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"3045167.exe"=C:\Users\Del\AppData\Local\Temp\3045167.exe []
"6732105.exe"=C:\Users\Del\AppData\Local\Temp\6732105.exe []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-04-15 385024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-10-30 17:30:37 ----D---- C:\Program Files\trend micro
2011-10-30 17:30:36 ----D---- C:\rsit
2011-10-30 16:27:01 ----RSH---- C:\bvqdx.pif
2011-10-30 14:57:09 ----D---- C:\Windows\ufa
2011-10-30 14:57:09 ----D---- C:\Windows\rpcminer
2011-10-30 14:57:09 ----D---- C:\Windows\phoenix
2011-10-30 14:57:00 ----A---- C:\Windows\iecheck_iplist.txt
2011-10-30 14:56:54 ----A---- C:\Windows\btc_client_iplist.txt
2011-10-30 14:56:37 ----D---- C:\Users\Del\AppData\Roaming\WinRAR
2011-10-30 14:56:35 ----A---- C:\Windows\unrar.exe
2011-10-30 14:56:33 ----HD---- C:\Windows\update.5.0
2011-10-30 14:56:25 ----HD---- C:\Windows\update.2
2011-10-30 14:55:38 ----A---- C:\Windows\iplist.txt
2011-10-30 14:45:50 ----D---- C:\ProgramData\AVG7
2011-10-30 14:24:15 ----D---- C:\Windows\Sun
2011-10-30 14:24:13 ----D---- C:\ProgramData\Sun
2011-10-30 14:23:58 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-10-30 14:23:58 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-10-30 14:23:58 ----A---- C:\Windows\SYSWOW64\java.exe
2011-10-30 14:23:58 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2011-10-30 14:23:48 ----D---- C:\Program Files (x86)\Java
2011-10-30 13:53:26 ----D---- C:\ProgramData\McAfee
2011-10-30 13:38:19 ----HD---- C:\Windows\update.tray-12-0-lnk
2011-10-30 13:38:19 ----HD---- C:\Windows\update.tray-12-0
2011-10-30 12:04:31 ----D---- C:\Users\Del\AppData\Roaming\AVG7
2011-10-30 12:04:09 ----A---- C:\Windows\SYSWOW64\msvcp71.dll
2011-10-30 11:51:21 ----A---- C:\Windows\sysdriver32_.exe
2011-10-30 11:51:07 ----A---- C:\Windows\sysdriver32.exe
2011-10-30 11:49:36 ----HD---- C:\Windows\update.tray-8-0-lnk
2011-10-30 11:49:36 ----HD---- C:\Windows\update.tray-8-0
2011-10-30 11:42:04 ----A---- C:\Windows\front_ip_list.txt
2011-10-30 11:37:14 ----D---- C:\Users\Del\AppData\Roaming\Avira
2011-10-30 11:36:58 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2011-10-30 11:36:58 ----A---- C:\Windows\system32\drivers\avipbb.sys
2011-10-30 11:36:58 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2011-10-30 11:06:05 ----D---- C:\Windows\av_ico
2011-10-30 11:04:49 ----HD---- C:\Windows\update.1
2011-10-30 11:04:40 ----HD---- C:\Windows\update.tray-9-0-lnk
2011-10-30 11:04:40 ----HD---- C:\Windows\update.tray-9-0
2011-10-30 10:54:31 ----A---- C:\Windows\winlog-ids.txt
2011-10-30 10:54:31 ----A---- C:\Windows\winlog-dirs.txt
2011-10-30 10:54:25 ----A---- C:\Windows\services32.exe
2011-10-29 12:19:15 ----D---- C:\Windows\SYSWOW64\Adobe
2011-10-26 22:19:31 ----D---- C:\Users\Del\AppData\Roaming\Azureus
2011-10-24 20:07:34 ----D---- C:\Program Files (x86)\iDailyDiary
2011-10-19 10:07:04 ----D---- C:\Users\Del\AppData\Roaming\Windows Live Writer
2011-10-16 08:37:24 ----D---- C:\other
2011-10-16 08:17:16 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-10-16 08:17:16 ----A---- C:\Windows\system32\mshtmled.dll
2011-10-16 08:17:15 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-10-16 08:17:15 ----A---- C:\Windows\SYSWOW64\url.dll
2011-10-16 08:17:15 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-10-16 08:17:15 ----A---- C:\Windows\system32\urlmon.dll
2011-10-16 08:17:15 ----A---- C:\Windows\system32\url.dll
2011-10-16 08:17:15 ----A---- C:\Windows\system32\iertutil.dll
2011-10-16 08:17:14 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-10-16 08:17:14 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-10-16 08:17:14 ----A---- C:\Windows\system32\wininet.dll
2011-10-16 08:17:14 ----A---- C:\Windows\system32\jsproxy.dll
2011-10-16 08:17:14 ----A---- C:\Windows\system32\jscript9.dll
2011-10-16 08:17:14 ----A---- C:\Windows\system32\ieui.dll
2011-10-16 08:17:13 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-10-16 08:17:13 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-10-16 08:17:13 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-10-16 08:17:13 ----A---- C:\Windows\system32\jscript.dll
2011-10-16 08:17:12 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-10-16 08:17:11 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-10-16 08:17:11 ----A---- C:\Windows\system32\mshtml.dll
2011-10-16 08:17:10 ----A---- C:\Windows\system32\ieframe.dll
2011-10-14 17:33:39 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-10-14 17:33:39 ----A---- C:\Windows\system32\psisdecd.dll
2011-10-14 17:32:17 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-10-14 17:32:17 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2011-10-14 17:32:17 ----A---- C:\Windows\system32\oleaut32.dll
2011-10-14 17:32:17 ----A---- C:\Windows\system32\oleacc.dll
2011-10-14 17:25:40 ----A---- C:\Windows\system32\win32k.sys
2011-10-12 22:44:15 ----D---- C:\Users\Del\AppData\Roaming\Corel
2011-10-12 22:44:15 ----ASH---- C:\ProgramData\KGyGaAvL.sys
2011-10-12 21:24:35 ----D---- C:\Users\Del\AppData\Roaming\ICQ
2011-10-12 21:24:26 ----D---- C:\Program Files (x86)\ICQ7.6
2011-10-11 23:36:20 ----D---- C:\Users\Del\AppData\Roaming\vlc
2011-10-11 23:34:22 ----D---- C:\Program Files (x86)\VideoLAN
2011-10-05 16:11:52 ----D---- C:\Program Files\Zoner
======List of files/folders modified in the last 1 month======
2011-10-30 17:30:37 ----RD---- C:\Program Files
2011-10-30 17:30:08 ----D---- C:\Users\Del\AppData\Roaming\BitTorrent
2011-10-30 16:26:21 ----A---- C:\Windows\system.ini
2011-10-30 16:21:21 ----D---- C:\Windows\Temp
2011-10-30 16:17:19 ----D---- C:\Windows\System32
2011-10-30 16:17:19 ----D---- C:\Windows\inf
2011-10-30 16:17:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-10-30 15:36:40 ----A---- C:\Windows\wtran32.INI
2011-10-30 15:36:25 ----D---- C:\Windows
2011-10-30 15:06:47 ----D---- C:\Windows\system32\config
2011-10-30 14:56:54 ----D---- C:\Windows\system32\drivers\etc
2011-10-30 14:51:48 ----A---- C:\Windows\SYSWOW64\log.txt
2011-10-30 14:50:39 ----D---- C:\Users\Del\AppData\Roaming\Skype
2011-10-30 14:48:49 ----RD---- C:\Program Files (x86)
2011-10-30 14:48:46 ----SHD---- C:\System Volume Information
2011-10-30 14:48:42 ----SD---- C:\Users\Del\AppData\Roaming\Microsoft
2011-10-30 14:48:42 ----D---- C:\Windows\SYSWOW64\drivers
2011-10-30 14:48:42 ----D---- C:\Windows\SysWOW64
2011-10-30 14:48:42 ----D---- C:\Windows\system32\drivers
2011-10-30 14:48:42 ----D---- C:\Windows\system
2011-10-30 14:48:19 ----HD---- C:\ProgramData
2011-10-30 14:24:13 ----SHD---- C:\Windows\Installer
2011-10-30 14:24:12 ----D---- C:\Program Files (x86)\Common Files
2011-10-30 13:54:54 ----D---- C:\Windows\system32\catroot2
2011-10-30 11:57:24 ----D---- C:\Windows\Prefetch
2011-10-30 11:39:56 ----D---- C:\Windows\system32\catroot
2011-10-30 11:37:01 ----D---- C:\Windows\system32\DriverStore
2011-10-30 11:27:55 ----A---- C:\Windows\winamp.ini
2011-10-30 11:04:47 ----D---- C:\Program Files\Common Files
2011-10-29 19:45:56 ----A---- C:\Windows\avisplitter.ini
2011-10-29 13:04:39 ----D---- C:\Music
2011-10-27 23:18:15 ----D---- C:\Windows\Tasks
2011-10-27 19:47:49 ----D---- C:\Foto
2011-10-27 17:47:34 ----D---- C:\Windows\system32\Tasks
2011-10-27 17:47:32 ----RD---- C:\Program Files (x86)\Skype
2011-10-27 17:47:30 ----D---- C:\ProgramData\Skype
2011-10-27 10:30:46 ----D---- C:\Windows\winsxs
2011-10-25 00:17:55 ----D---- C:\Windows\Microsoft.NET
2011-10-25 00:17:37 ----RSD---- C:\Windows\assembly
2011-10-25 00:03:57 ----D---- C:\ProgramData\Microsoft Help
2011-10-19 19:18:00 ----D---- C:\Film
2011-10-17 19:12:58 ----D---- C:\Program Files (x86)\K-Lite Codec Pack
2011-10-17 14:37:28 ----D---- C:\Windows\system32\wdi
2011-10-17 07:08:39 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-10-17 07:07:37 ----D---- C:\Windows\SYSWOW64\migration
2011-10-17 07:07:37 ----D---- C:\Program Files\Internet Explorer
2011-10-17 07:07:37 ----D---- C:\Program Files (x86)\Internet Explorer
2011-10-17 07:07:36 ----D---- C:\Windows\system32\migration
2011-10-17 07:07:35 ----D---- C:\Windows\ehome
2011-10-12 21:24:53 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-10-05 16:48:35 ----D---- C:\Users\Del\AppData\Roaming\Zoner
2011-10-02 11:52:26 ----D---- C:\Windows\Downloaded Installations
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2010-11-05 438808]
R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2011-04-14 530304]
R0 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2011-04-14 283744]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-09-18 130760]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2011-09-15 27760]
R1 mfenlfk;McAfee NDIS Light Filter; C:\Windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 75160]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-09-15 97312]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-03-17 2712064]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-04-15 12228128]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-05-17 2872680]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2011-04-14 190520]
R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2011-04-14 441840]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2011-03-10 18432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-03-28 1417776]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2011-03-10 17408]
S2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL64.SYS [2006-04-20 141888]
S3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2011-04-14 63056]
S3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2011-04-14 121376]
S3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys [2011-04-14 94992]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-04-19 353872]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-23 873064]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-01-18 39528]
R2 IviRegMgr;IviRegMgr; C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2010-05-21 110736]
R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-09-16 325656]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-01 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824]
R2 RS_Service;Raw Socket Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-10-30 344576]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-10-30 1942528]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-10-30 1109504]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 AntiVirService;Avira Realtime Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe []
S2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe []
S2 ArcGIS License Manager;ArcGIS License Manager; C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc []
S2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc []
S2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc []
S2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc []
S2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc []
S2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc []
S2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe []
S2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe []
S2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe []
S2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc []
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-09-28 867080]
S3 McODS;McAfee Scanner; C:\Program Files\mcafee\VirusScan\mcods.exe []
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-23 1255736]
S4 McOobeSv;McAfee OOBE Service; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc []
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
-----------------EOF-----------------
"C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\update.2\svchost.exe srv
"C:\Windows\update.2\svchost.exe" stand
C:\Windows\update.5.0\svchost.exe srv
"C:\Windows\update.5.0\svchost.exe" stand
"C:\Windows\system32\wuauclt.exe"
C:\Windows\ufa\ufa.exe -o http://127.0.0.1:11163
\??\C:\Windows\system32\conhost.exe "-1572728352722682168-954945108744598432314434835-1345724833-11208652501063212062
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" /NOINSTALL
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"E:\ceafex.exe" webguard "C:\Programy\# INSTAL\wrar362cz.exe"
"C:\Users\Del\biaxo.exe"
"F:\biaxox.exe" DCIM
C:\Users\Del\AppData\Local\Temp\gnqeb.exe
"C:\Windows\update.2\svchost.exe" spamer
"C:\Windows\update.2\svchost.exe" spamer
"C:\Windows\update.2\svchost.exe" spamer
"C:\Windows\update.2\svchost.exe" spamer
"C:\Users\Del\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Del\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd10/SpdyImpact/npn_with_spdy/SuggestHostPrefix/Www_Prefix/WarmSocketImpact/warm_socket/ --enable-print-preview --channel=9352.077FB6E0.1278491251 /prefetch:3
C:\Windows\system32\rundll32.exe "C:\Users\Del\AppData\Local\Google\Chrome\APPLIC~1\150874~1.106\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\Del\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Del\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll" --lang=sk --channel=9352.09140A80.48772188 --flash-broker=10412 /prefetch:4
"C:\Users\Del\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd10/SpdyImpact/npn_with_spdy/SuggestHostPrefix/Www_Prefix/WarmSocketImpact/warm_socket/ --enable-print-preview --channel=9352.09B83580.1141752858 /prefetch:3
taskeng.exe {64BC58D6-37F3-4D34-8A9D-E2AAE76311C5}
"C:\Users\Del\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd10/SpdyImpact/npn_with_spdy/SuggestHostPrefix/Www_Prefix/WarmSocketImpact/warm_socket/ --enable-print-preview --channel=9352.09B83C60.266994017 /prefetch:3
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Del\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Acer Registration - Reminder Recall task.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4104132577-2480194942-3805754471-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4104132577-2480194942-3805754471-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110922111632.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110922111632.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2010-12-21 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02 1089288]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-30 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll []
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02 1089288]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-05-09 168216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-05-09 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-05-09 416024]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-03-28 2723624]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-05-17 11855976]
"Power Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2011-02-23 1796200]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Del\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 209904]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-10-13 17427080]
"biaxo"=C:\Users\Del\biaxo.exe [2011-10-30 361235]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []
"Norton Online Backup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-01 1155928]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-28 105328]
"BackupManagerTray"=C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [2011-04-24 297280]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2011-04-19 1097808]
"wxpdrv"=C:\Windows\services32.exe [2011-10-30 1189376]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-12-0\svchost.exe [2011-10-30 1109504]
"tray_ico1"=C:\Windows\update.tray-9-0\svchost.exe [2011-10-30 1109504]
"tray_ico2"=C:\Windows\update.tray-8-0\svchost.exe [2011-10-30 1109504]
"tray_ico3"= []
"tray_ico4"= []
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min []
"5477912.exe"=C:\Windows\Temp\5477912.exe [2011-10-30 343552]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-10-30 258048]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-10-30 258048]
"1712881.exe"=C:\Users\Del\AppData\Local\Temp\1712881.exe []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"3045167.exe"=C:\Users\Del\AppData\Local\Temp\3045167.exe []
"6732105.exe"=C:\Users\Del\AppData\Local\Temp\6732105.exe []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-04-15 385024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-10-30 17:30:37 ----D---- C:\Program Files\trend micro
2011-10-30 17:30:36 ----D---- C:\rsit
2011-10-30 16:27:01 ----RSH---- C:\bvqdx.pif
2011-10-30 14:57:09 ----D---- C:\Windows\ufa
2011-10-30 14:57:09 ----D---- C:\Windows\rpcminer
2011-10-30 14:57:09 ----D---- C:\Windows\phoenix
2011-10-30 14:57:00 ----A---- C:\Windows\iecheck_iplist.txt
2011-10-30 14:56:54 ----A---- C:\Windows\btc_client_iplist.txt
2011-10-30 14:56:37 ----D---- C:\Users\Del\AppData\Roaming\WinRAR
2011-10-30 14:56:35 ----A---- C:\Windows\unrar.exe
2011-10-30 14:56:33 ----HD---- C:\Windows\update.5.0
2011-10-30 14:56:25 ----HD---- C:\Windows\update.2
2011-10-30 14:55:38 ----A---- C:\Windows\iplist.txt
2011-10-30 14:45:50 ----D---- C:\ProgramData\AVG7
2011-10-30 14:24:15 ----D---- C:\Windows\Sun
2011-10-30 14:24:13 ----D---- C:\ProgramData\Sun
2011-10-30 14:23:58 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-10-30 14:23:58 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-10-30 14:23:58 ----A---- C:\Windows\SYSWOW64\java.exe
2011-10-30 14:23:58 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2011-10-30 14:23:48 ----D---- C:\Program Files (x86)\Java
2011-10-30 13:53:26 ----D---- C:\ProgramData\McAfee
2011-10-30 13:38:19 ----HD---- C:\Windows\update.tray-12-0-lnk
2011-10-30 13:38:19 ----HD---- C:\Windows\update.tray-12-0
2011-10-30 12:04:31 ----D---- C:\Users\Del\AppData\Roaming\AVG7
2011-10-30 12:04:09 ----A---- C:\Windows\SYSWOW64\msvcp71.dll
2011-10-30 11:51:21 ----A---- C:\Windows\sysdriver32_.exe
2011-10-30 11:51:07 ----A---- C:\Windows\sysdriver32.exe
2011-10-30 11:49:36 ----HD---- C:\Windows\update.tray-8-0-lnk
2011-10-30 11:49:36 ----HD---- C:\Windows\update.tray-8-0
2011-10-30 11:42:04 ----A---- C:\Windows\front_ip_list.txt
2011-10-30 11:37:14 ----D---- C:\Users\Del\AppData\Roaming\Avira
2011-10-30 11:36:58 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2011-10-30 11:36:58 ----A---- C:\Windows\system32\drivers\avipbb.sys
2011-10-30 11:36:58 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2011-10-30 11:06:05 ----D---- C:\Windows\av_ico
2011-10-30 11:04:49 ----HD---- C:\Windows\update.1
2011-10-30 11:04:40 ----HD---- C:\Windows\update.tray-9-0-lnk
2011-10-30 11:04:40 ----HD---- C:\Windows\update.tray-9-0
2011-10-30 10:54:31 ----A---- C:\Windows\winlog-ids.txt
2011-10-30 10:54:31 ----A---- C:\Windows\winlog-dirs.txt
2011-10-30 10:54:25 ----A---- C:\Windows\services32.exe
2011-10-29 12:19:15 ----D---- C:\Windows\SYSWOW64\Adobe
2011-10-26 22:19:31 ----D---- C:\Users\Del\AppData\Roaming\Azureus
2011-10-24 20:07:34 ----D---- C:\Program Files (x86)\iDailyDiary
2011-10-19 10:07:04 ----D---- C:\Users\Del\AppData\Roaming\Windows Live Writer
2011-10-16 08:37:24 ----D---- C:\other
2011-10-16 08:17:16 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-10-16 08:17:16 ----A---- C:\Windows\system32\mshtmled.dll
2011-10-16 08:17:15 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-10-16 08:17:15 ----A---- C:\Windows\SYSWOW64\url.dll
2011-10-16 08:17:15 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-10-16 08:17:15 ----A---- C:\Windows\system32\urlmon.dll
2011-10-16 08:17:15 ----A---- C:\Windows\system32\url.dll
2011-10-16 08:17:15 ----A---- C:\Windows\system32\iertutil.dll
2011-10-16 08:17:14 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-10-16 08:17:14 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-10-16 08:17:14 ----A---- C:\Windows\system32\wininet.dll
2011-10-16 08:17:14 ----A---- C:\Windows\system32\jsproxy.dll
2011-10-16 08:17:14 ----A---- C:\Windows\system32\jscript9.dll
2011-10-16 08:17:14 ----A---- C:\Windows\system32\ieui.dll
2011-10-16 08:17:13 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-10-16 08:17:13 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-10-16 08:17:13 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-10-16 08:17:13 ----A---- C:\Windows\system32\jscript.dll
2011-10-16 08:17:12 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-10-16 08:17:11 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-10-16 08:17:11 ----A---- C:\Windows\system32\mshtml.dll
2011-10-16 08:17:10 ----A---- C:\Windows\system32\ieframe.dll
2011-10-14 17:33:39 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-10-14 17:33:39 ----A---- C:\Windows\system32\psisdecd.dll
2011-10-14 17:32:17 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-10-14 17:32:17 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2011-10-14 17:32:17 ----A---- C:\Windows\system32\oleaut32.dll
2011-10-14 17:32:17 ----A---- C:\Windows\system32\oleacc.dll
2011-10-14 17:25:40 ----A---- C:\Windows\system32\win32k.sys
2011-10-12 22:44:15 ----D---- C:\Users\Del\AppData\Roaming\Corel
2011-10-12 22:44:15 ----ASH---- C:\ProgramData\KGyGaAvL.sys
2011-10-12 21:24:35 ----D---- C:\Users\Del\AppData\Roaming\ICQ
2011-10-12 21:24:26 ----D---- C:\Program Files (x86)\ICQ7.6
2011-10-11 23:36:20 ----D---- C:\Users\Del\AppData\Roaming\vlc
2011-10-11 23:34:22 ----D---- C:\Program Files (x86)\VideoLAN
2011-10-05 16:11:52 ----D---- C:\Program Files\Zoner
======List of files/folders modified in the last 1 month======
2011-10-30 17:30:37 ----RD---- C:\Program Files
2011-10-30 17:30:08 ----D---- C:\Users\Del\AppData\Roaming\BitTorrent
2011-10-30 16:26:21 ----A---- C:\Windows\system.ini
2011-10-30 16:21:21 ----D---- C:\Windows\Temp
2011-10-30 16:17:19 ----D---- C:\Windows\System32
2011-10-30 16:17:19 ----D---- C:\Windows\inf
2011-10-30 16:17:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-10-30 15:36:40 ----A---- C:\Windows\wtran32.INI
2011-10-30 15:36:25 ----D---- C:\Windows
2011-10-30 15:06:47 ----D---- C:\Windows\system32\config
2011-10-30 14:56:54 ----D---- C:\Windows\system32\drivers\etc
2011-10-30 14:51:48 ----A---- C:\Windows\SYSWOW64\log.txt
2011-10-30 14:50:39 ----D---- C:\Users\Del\AppData\Roaming\Skype
2011-10-30 14:48:49 ----RD---- C:\Program Files (x86)
2011-10-30 14:48:46 ----SHD---- C:\System Volume Information
2011-10-30 14:48:42 ----SD---- C:\Users\Del\AppData\Roaming\Microsoft
2011-10-30 14:48:42 ----D---- C:\Windows\SYSWOW64\drivers
2011-10-30 14:48:42 ----D---- C:\Windows\SysWOW64
2011-10-30 14:48:42 ----D---- C:\Windows\system32\drivers
2011-10-30 14:48:42 ----D---- C:\Windows\system
2011-10-30 14:48:19 ----HD---- C:\ProgramData
2011-10-30 14:24:13 ----SHD---- C:\Windows\Installer
2011-10-30 14:24:12 ----D---- C:\Program Files (x86)\Common Files
2011-10-30 13:54:54 ----D---- C:\Windows\system32\catroot2
2011-10-30 11:57:24 ----D---- C:\Windows\Prefetch
2011-10-30 11:39:56 ----D---- C:\Windows\system32\catroot
2011-10-30 11:37:01 ----D---- C:\Windows\system32\DriverStore
2011-10-30 11:27:55 ----A---- C:\Windows\winamp.ini
2011-10-30 11:04:47 ----D---- C:\Program Files\Common Files
2011-10-29 19:45:56 ----A---- C:\Windows\avisplitter.ini
2011-10-29 13:04:39 ----D---- C:\Music
2011-10-27 23:18:15 ----D---- C:\Windows\Tasks
2011-10-27 19:47:49 ----D---- C:\Foto
2011-10-27 17:47:34 ----D---- C:\Windows\system32\Tasks
2011-10-27 17:47:32 ----RD---- C:\Program Files (x86)\Skype
2011-10-27 17:47:30 ----D---- C:\ProgramData\Skype
2011-10-27 10:30:46 ----D---- C:\Windows\winsxs
2011-10-25 00:17:55 ----D---- C:\Windows\Microsoft.NET
2011-10-25 00:17:37 ----RSD---- C:\Windows\assembly
2011-10-25 00:03:57 ----D---- C:\ProgramData\Microsoft Help
2011-10-19 19:18:00 ----D---- C:\Film
2011-10-17 19:12:58 ----D---- C:\Program Files (x86)\K-Lite Codec Pack
2011-10-17 14:37:28 ----D---- C:\Windows\system32\wdi
2011-10-17 07:08:39 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-10-17 07:07:37 ----D---- C:\Windows\SYSWOW64\migration
2011-10-17 07:07:37 ----D---- C:\Program Files\Internet Explorer
2011-10-17 07:07:37 ----D---- C:\Program Files (x86)\Internet Explorer
2011-10-17 07:07:36 ----D---- C:\Windows\system32\migration
2011-10-17 07:07:35 ----D---- C:\Windows\ehome
2011-10-12 21:24:53 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-10-05 16:48:35 ----D---- C:\Users\Del\AppData\Roaming\Zoner
2011-10-02 11:52:26 ----D---- C:\Windows\Downloaded Installations
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2010-11-05 438808]
R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2011-04-14 530304]
R0 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2011-04-14 283744]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-09-18 130760]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2011-09-15 27760]
R1 mfenlfk;McAfee NDIS Light Filter; C:\Windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 75160]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-09-15 97312]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-03-17 2712064]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-04-15 12228128]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-05-17 2872680]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2011-04-14 190520]
R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2011-04-14 441840]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2011-03-10 18432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-03-28 1417776]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2011-03-10 17408]
S2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL64.SYS [2006-04-20 141888]
S3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2011-04-14 63056]
S3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2011-04-14 121376]
S3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys [2011-04-14 94992]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-04-19 353872]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-23 873064]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-01-18 39528]
R2 IviRegMgr;IviRegMgr; C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2010-05-21 110736]
R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-09-16 325656]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-01 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824]
R2 RS_Service;Raw Socket Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-10-30 344576]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-10-30 1942528]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-10-30 1109504]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 AntiVirService;Avira Realtime Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe []
S2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe []
S2 ArcGIS License Manager;ArcGIS License Manager; C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc []
S2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc []
S2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc []
S2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc []
S2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc []
S2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc []
S2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe []
S2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe []
S2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe []
S2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc []
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-09-28 867080]
S3 McODS;McAfee Scanner; C:\Program Files\mcafee\VirusScan\mcods.exe []
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-23 1255736]
S4 McOobeSv;McAfee OOBE Service; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc []
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119509
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: FB virus - please check the log
Hello to you too!
You have the FB virus. Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(zavináč)forum.viry.cz
Warning: Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, the virus may damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: FB virus - please check the log
I ran the scan; here is the scan output - I hope it is what you need:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Verzia databázy: 8047
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
30. 10. 2011 18:48:01
mbam-log-2011-10-30 (18-47-44).txt
Typ kontroly: Úplná kontrola (C:\|)
Objektov kontrolovaných: 371649
Uplynutý čas: 41 min, 1 sek
Infikované služby pamäte: 15
Infikované moduly pamäte: 0
Infikované registračné kľúče: 8
Infikované registračné hodnoty: 12
Infikované položky registračných dát: 3
Infikované priečinky: 1
Infikované súbory: 35
Infikované služby pamäte:
c:\Windows\update.1\svchost.exe (Trojan.Agent) -> 1564 -> No action taken.
c:\Windows\update.tray-12-0\svchost.exe (Trojan.Agent) -> 3176 -> No action taken.
c:\Windows\update.tray-9-0\svchost.exe (Trojan.Agent) -> 3208 -> No action taken.
c:\Windows\update.tray-8-0\svchost.exe (Trojan.Agent) -> 3224 -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Agent) -> 3292 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2832 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2580 -> No action taken.
c:\Windows\ufa\ufa.exe (PUP.BitMiner) -> 3124 -> No action taken.
c:\Users\Del\AppData\Local\Temp\gnqeb.exe (Trojan.Agent) -> 5980 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 4844 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 1560 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 12720 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 14304 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 12728 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 3528 -> No action taken.
Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
Infikované registračné kľúče:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
Infikované registračné hodnoty:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Agent) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Agent) -> Value: tray_ico1 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico2 (Trojan.Agent) -> Value: tray_ico2 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5477912.exe (Trojan.Agent) -> Value: 5477912.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Backdoor.Agent) -> Value: wxpdrv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1712881.exe (Trojan.Downloader.Gen) -> Value: 1712881.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3045167.exe (Trojan.Downloader.Gen) -> Value: 3045167.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6732105.exe (Trojan.Downloader.Gen) -> Value: 6732105.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.
Infikované položky registračných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované priečinky:
c:\Windows\rpcminer (Trojan.BCMiner) -> No action taken.
Infikované súbory:
c:\Windows\update.1\svchost.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.tray-12-0\svchost.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.tray-9-0\svchost.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.tray-8-0\svchost.exe (Trojan.Agent) -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\Windows\ufa\ufa.exe (PUP.BitMiner) -> No action taken.
c:\Users\Del\AppData\Local\Temp\gnqeb.exe (Trojan.Agent) -> No action taken.
c:\Windows\sysdriver32_.exe (Trojan.Agent) -> No action taken.
c:\bvqdx.pif (Malware.Packer.Gen) -> No action taken.
c:\Users\Del\AppData\Local\Google\Chrome\user data\Default\Cache\f_005fc8 (Trojan.Agent) -> No action taken.
c:\Users\Del\AppData\Local\Google\Chrome\user data\Default\Cache\f_005fca (Trojan.Agent) -> No action taken.
c:\Users\Del\downloads\flash-player.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\18470_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\2772330.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.tray-12-0-lnk\svchost.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.tray-8-0-lnk\svchost.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.tray-9-0-lnk\svchost.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5477912.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\services32.exe (Backdoor.Agent) -> No action taken.
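Added here as an illustration (not part of the thread and not Malwarebytes' own tooling): a small Python parser for MBAM 1.5x log lines in the format posted above. It cross-checks the counts announced in the header against the entries actually listed, counts what is still marked "No action taken", groups detections by family, and pulls out the Security Center notifications the scanner saw switched off. The sample log is constructed from a few lines in the style of the one above, with a deliberate count mismatch.

```python
import re
from collections import Counter

# Constructed sample in the style of the MBAM 1.51 log posted above (Slovak UI
# strings kept as in the original). Only a handful of entries are included, and
# the declared file count (3) deliberately disagrees with the two file lines
# present, to exercise the consistency check.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.51.2.1300
Verzia databázy: 8047
Objektov kontrolovaných: 371649
Infikované služby pamäte: 3
Infikované moduly pamäte: 0
Infikované registračné kľúče: 1
Infikované registračné hodnoty: 1
Infikované položky registračných dát: 2
Infikované súbory: 3
Infikované služby pamäte:
c:\Windows\update.1\svchost.exe (Trojan.Agent) -> 1564 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2832 -> No action taken.
c:\Windows\ufa\ufa.exe (PUP.BitMiner) -> 3124 -> No action taken.
Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
Infikované registračné kľúče:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Agent) -> No action taken.
Infikované registračné hodnoty:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Backdoor.Agent) -> Value: wxpdrv -> No action taken.
Infikované položky registračných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infikované súbory:
c:\Windows\update.1\svchost.exe (Trojan.Agent) -> No action taken.
c:\Windows\services32.exe (Backdoor.Agent) -> No action taken.
"""

# Header line such as "Infikované súbory: 35" (declared count per category).
SUMMARY = re.compile(r"^(?P<name>[^:]+): (?P<count>\d+)$")
# Section header such as "Infikované súbory:" (the listing that follows it).
SECTION = re.compile(r"^(?P<name>[^:]+):$")
# One detection line. The PID, "Value:" and "Bad:/Good:" parts are optional and
# depend on the section (running process, registry value, registry data).
ENTRY = re.compile(
    r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> "
    r"(?:(?P<pid>\d+) -> )?"
    r"(?:Value: (?P<value>.+?) -> )?"
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?"
    r"(?P<action>.+?)\.?$"
)


def parse_mbam_log(text):
    """Return (declared_counts, sections): the counts announced in the header and,
    per section name, the list of parsed entries listed under it."""
    declared, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY.match(line)
        if m and current is None:          # the header block precedes all sections
            declared[m.group("name")] = int(m.group("count"))
            continue
        m = SECTION.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        m = ENTRY.match(line)
        if m and current is not None:      # "(no malicious items found)" is skipped
            sections[current].append(m.groupdict())
    return declared, sections


def triage(text):
    """Summarise a log for a responder: what is still untouched, which families
    occur, whether the listing matches the header counts, and which Security
    Center notifications the scanner saw switched off at scan time."""
    declared, sections = parse_mbam_log(text)
    entries = [e for items in sections.values() for e in items]
    mismatches = {name: (declared[name], len(items))
                  for name, items in sections.items()
                  if name in declared and declared[name] != len(items)}
    pending = [e for e in entries if e["action"].startswith("No action taken")]
    # The same path appears once as a running process and again as a file, so
    # families are counted over unique (item, threat) pairs, not raw lines.
    unique = {(e["item"].lower(), e["threat"]) for e in entries}
    families = Counter(threat for _, threat in unique)
    notify_off = sorted(e["item"].rsplit("\\", 1)[-1] for e in entries
                        if e["threat"] == "PUM.Disabled.SecurityCenter" and e["bad"] == "1")
    running = sorted(int(e["pid"]) for e in entries if e["pid"])
    return {
        "total": len(entries),
        "pending": len(pending),
        "count_mismatches": mismatches,
        "families": dict(families),
        "security_center_notify_off": notify_off,
        "running_pids": running,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A count mismatch usually means the pasted log was truncated or edited, which is worth asking about before advising on removal.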
- Rudy
- Site Admin
- Posts: 119509
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: FB virus - please check the log
Delete everything MBAM found. Restart the PC and post a ComboFix log.
Download ComboFix, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator rights
right after it starts, a screen with the licence terms appears; continue by clicking Yes.
sit back and make yourself a coffee (the whole run takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else
do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)
note: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and removal of any malware collides with the resident antispyware in undesirable ways
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: FB virus - please check the log
Please, here is the ComboFix log:
ComboFix 11-10-30.03 - Del . 10. 2011 19:27:56.1.4 - x64
Running from: c:\users\Del\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Autorun.inf
C:\bvqdx.pif
c:\users\Del\biaxo.exe /p
c:\users\Del\biaxo.exe
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\PFRO.log
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\SysWow64\regobj.dll
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-30 18:34 . 2011-10-30 18:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-30 17:03 . 2011-10-30 17:03 -------- d-----w- c:\users\Del\AppData\Roaming\Malwarebytes
2011-10-30 17:02 . 2011-10-30 17:02 -------- d-----w- c:\programdata\Malwarebytes
2011-10-30 17:02 . 2011-10-30 17:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-30 17:02 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-30 16:30 . 2011-10-30 16:30 -------- d-----w- c:\program files\trend micro
2011-10-30 16:30 . 2011-10-30 16:30 -------- d-----w- C:\rsit
2011-10-30 13:57 . 2011-10-30 13:57 -------- d-----w- c:\windows\ufa
2011-10-30 13:56 . 2011-10-30 13:57 246272 ----a-w- c:\windows\unrar.exe
2011-10-30 13:45 . 2011-10-30 13:48 -------- d-----w- c:\programdata\AVG7
2011-10-30 13:24 . 2011-10-30 13:24 -------- d-----w- c:\windows\Sun
2011-10-30 13:24 . 2011-10-30 13:24 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-30 13:23 . 2011-10-30 13:23 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-30 13:23 . 2011-10-30 13:23 -------- d-----w- c:\program files (x86)\Java
2011-10-30 12:53 . 2011-10-30 12:53 -------- d-----w- c:\programdata\McAfee
2011-10-30 12:38 . 2011-10-30 18:18 -------- d--h--w- c:\windows\update.tray-12-0
2011-10-30 12:38 . 2011-10-30 18:18 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-10-30 11:04 . 2011-10-30 11:04 -------- d-----w- c:\users\Del\AppData\Roaming\AVG7
2011-10-30 11:04 . 2011-10-30 11:04 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-10-30 10:49 . 2011-10-30 18:18 -------- d--h--w- c:\windows\update.tray-8-0
2011-10-30 10:49 . 2011-10-30 18:18 -------- d--h--w- c:\windows\update.tray-8-0-lnk
2011-10-30 10:37 . 2011-10-30 10:37 -------- d-----w- c:\users\Del\AppData\Roaming\Avira
2011-10-30 10:36 . 2011-09-18 07:39 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-30 10:36 . 2011-09-15 22:55 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-30 10:36 . 2011-09-15 22:55 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-30 10:06 . 2011-10-30 10:50 -------- d-----w- c:\windows\av_ico
2011-10-30 10:04 . 2011-10-30 18:18 -------- d--h--w- c:\windows\update.tray-9-0
2011-10-30 10:04 . 2011-10-30 18:18 -------- d--h--w- c:\windows\update.tray-9-0-lnk
2011-10-29 11:19 . 2011-10-29 11:19 -------- d-----w- c:\windows\SysWow64\Adobe
2011-10-26 21:19 . 2011-10-26 21:19 -------- d-----w- c:\users\Del\.swt
2011-10-26 21:19 . 2011-10-26 21:45 -------- d-----w- c:\users\Del\AppData\Roaming\Azureus
2011-10-26 21:14 . 2011-10-26 21:53 -------- d-----w- c:\users\Del\AppData\Local\Conduit
2011-10-24 23:03 . 2011-10-24 23:03 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-10-24 19:07 . 2011-10-24 23:00 -------- d-----w- c:\program files (x86)\iDailyDiary
2011-10-19 09:07 . 2011-10-19 09:07 -------- d-----w- c:\users\Del\AppData\Local\Windows Live Writer
2011-10-19 09:07 . 2011-10-19 09:07 -------- d-----w- c:\users\Del\AppData\Roaming\Windows Live Writer
2011-10-16 07:37 . 2011-10-16 07:37 -------- d-----w- C:\other
2011-10-14 16:33 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-14 16:33 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-14 16:33 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-14 16:33 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-14 16:32 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-14 16:32 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-14 16:32 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-14 16:32 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-14 16:25 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 21:44 . 2011-10-12 21:44 -------- d-----w- c:\users\Del\AppData\Roaming\Corel
2011-10-12 21:44 . 2011-10-12 21:44 952 --sha-w- c:\programdata\KGyGaAvL.sys
2011-10-12 21:44 . 2011-10-12 21:44 -------- d-----w- c:\users\Del\Corel
2011-10-12 20:24 . 2011-10-17 13:41 -------- d-----w- c:\users\Del\AppData\Roaming\ICQ
2011-10-12 20:24 . 2011-10-12 20:25 -------- d-----w- c:\program files (x86)\ICQ7.6
2011-10-11 22:36 . 2011-10-11 22:36 -------- d-----w- c:\users\Del\AppData\Roaming\vlc
2011-10-11 22:34 . 2011-10-11 22:34 -------- d-----w- c:\program files (x86)\VideoLAN
2011-10-05 15:12 . 2011-10-05 15:12 -------- d-----w- c:\users\Del\AppData\Local\Zoner
2011-10-05 15:11 . 2011-10-05 15:11 -------- d-----w- c:\program files\Zoner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-30 18:37 . 2011-10-30 18:37 103140 --sh--r- C:\hrgufc.exe
2011-10-09 15:17 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-20 16:42 . 2011-09-20 16:42 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-20 16:42 . 2011-09-20 16:42 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-20 16:42 . 2011-09-20 16:42 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-20 16:42 . 2011-09-20 16:42 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-20 16:42 . 2011-09-20 16:42 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-20 16:42 . 2011-09-20 16:42 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-20 16:42 . 2011-09-20 16:42 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-20 16:42 . 2011-09-20 16:42 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-20 16:42 . 2011-09-20 16:42 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-20 16:42 . 2011-09-20 16:42 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-20 16:42 . 2011-09-20 16:42 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-20 16:42 . 2011-09-20 16:42 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-20 16:42 . 2011-09-20 16:42 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-20 16:42 . 2011-09-20 16:42 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-20 16:42 . 2011-09-20 16:42 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-20 16:42 . 2011-09-20 16:42 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-20 16:42 . 2011-09-20 16:42 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-20 16:42 . 2011-09-20 16:42 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-20 16:42 . 2011-09-20 16:42 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-20 16:42 . 2011-09-20 16:42 448512 ----a-w- c:\windows\system32\html.iec
2011-09-20 16:42 . 2011-09-20 16:42 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-20 16:42 . 2011-09-20 16:42 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-20 16:42 . 2011-09-20 16:42 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-20 16:42 . 2011-09-20 16:42 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-20 16:42 . 2011-09-20 16:42 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-20 16:42 . 2011-09-20 16:42 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-20 16:42 . 2011-09-20 16:42 160256 ----a-w- c:\windows\system32\wextract.exe
2011-09-20 16:42 . 2011-09-20 16:42 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-20 16:42 . 2011-09-20 16:42 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-20 16:42 . 2011-09-20 16:42 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-20 16:42 . 2011-09-20 16:42 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-20 16:42 . 2011-09-20 16:42 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-20 16:42 . 2011-09-20 16:42 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-20 16:42 . 2011-09-20 16:42 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-20 16:42 . 2011-09-20 16:42 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-20 16:42 . 2011-09-20 16:42 101888 ----a-w- c:\windows\SysWow64\admparse.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17427080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 105328]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-04-19 1097808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\program files (x86)\ESRI\License\arcgis9x\lmgrd.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-04-19 353872]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-23 873064]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-01-18 39528]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-30 c:\windows\Tasks\Acer Registration - Reminder Recall task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2011-04-22 03:36]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104132577-2480194942-3805754471-1000Core.job
- c:\users\Del\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 12:56]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104132577-2480194942-3805754471-1000UA.job
- c:\users\Del\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 12:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-17 11855976]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 1796200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 195.113.44.11 195.113.0.2
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-biaxo - c:\users\Del\biaxo.exe
Wow6432Node-HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
Wow6432Node-HKLM-Run-avgnt - c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Avira AntiVir Desktop - c:\program files (x86)\Avira\AntiVir Desktop\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2011-10-30 19:40:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-30 18:40
.
Pre-Run: 314 329 882 624 bytes free
Post-Run: 314 396 418 048 bytes free
.
- - End Of File - - 8E525393253ED836459052FF777100A4
- Rudy
- Site Admin
- Posts: 119509
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: FB virus - please check my log
We'll do some more cleanup. Move ComboFix to the desktop. Open Notepad and copy the following into it:
Collect::
c:\windows\unrar.exe
Folder::
c:\windows\ufa
c:\windows\update.tray-12-0
c:\windows\update.tray-12-0-lnk
c:\windows\update.tray-8-0
c:\windows\update.tray-8-0-lnk
c:\windows\update.tray-9-0
c:\windows\update.tray-9-0-lnk
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(zavináč)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Beyond its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address given above.
Re: FB virus - please check my log
Here is the next log:
ComboFix 11-10-30.03 - Del . 10. 2011 20:13:58.2.4 - x64
Running from: c:\users\Del\Downloads\ComboFix.exe
Command switches used :: c:\users\Del\Desktop\CFScript.txt
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.tray-12-0-lnk
c:\windows\update.tray-12-0
c:\windows\update.tray-8-0-lnk
c:\windows\update.tray-8-0
c:\windows\update.tray-9-0-lnk
c:\windows\update.tray-9-0
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-30 19:19 . 2011-10-30 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-30 18:37 . 2011-10-30 18:37 103140 --sh--r- C:\hrgufc.exe
2011-10-30 17:03 . 2011-10-30 17:03 -------- d-----w- c:\users\Del\AppData\Roaming\Malwarebytes
2011-10-30 17:02 . 2011-10-30 17:02 -------- d-----w- c:\programdata\Malwarebytes
2011-10-30 17:02 . 2011-10-30 17:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-30 17:02 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-30 16:30 . 2011-10-30 16:30 -------- d-----w- c:\program files\trend micro
2011-10-30 16:30 . 2011-10-30 16:30 -------- d-----w- C:\rsit
2011-10-30 13:45 . 2011-10-30 13:48 -------- d-----w- c:\programdata\AVG7
2011-10-30 13:24 . 2011-10-30 13:24 -------- d-----w- c:\windows\Sun
2011-10-30 13:24 . 2011-10-30 13:24 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-30 13:23 . 2011-10-30 13:23 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-30 13:23 . 2011-10-30 13:23 -------- d-----w- c:\program files (x86)\Java
2011-10-30 12:53 . 2011-10-30 12:53 -------- d-----w- c:\programdata\McAfee
2011-10-30 11:04 . 2011-10-30 11:04 -------- d-----w- c:\users\Del\AppData\Roaming\AVG7
2011-10-30 11:04 . 2011-10-30 11:04 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-10-30 10:37 . 2011-10-30 10:37 -------- d-----w- c:\users\Del\AppData\Roaming\Avira
2011-10-30 10:36 . 2011-09-18 07:39 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-30 10:36 . 2011-09-15 22:55 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-30 10:36 . 2011-09-15 22:55 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-30 10:06 . 2011-10-30 10:50 -------- d-----w- c:\windows\av_ico
2011-10-29 11:19 . 2011-10-29 11:19 -------- d-----w- c:\windows\SysWow64\Adobe
2011-10-26 21:19 . 2011-10-26 21:19 -------- d-----w- c:\users\Del\.swt
2011-10-26 21:19 . 2011-10-26 21:45 -------- d-----w- c:\users\Del\AppData\Roaming\Azureus
2011-10-26 21:14 . 2011-10-26 21:53 -------- d-----w- c:\users\Del\AppData\Local\Conduit
2011-10-24 23:03 . 2011-10-24 23:03 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-10-24 19:07 . 2011-10-24 23:00 -------- d-----w- c:\program files (x86)\iDailyDiary
2011-10-19 09:07 . 2011-10-19 09:07 -------- d-----w- c:\users\Del\AppData\Local\Windows Live Writer
2011-10-19 09:07 . 2011-10-19 09:07 -------- d-----w- c:\users\Del\AppData\Roaming\Windows Live Writer
2011-10-16 07:37 . 2011-10-16 07:37 -------- d-----w- C:\other
2011-10-14 16:33 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-14 16:33 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-14 16:33 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-14 16:33 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-14 16:32 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-14 16:32 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-14 16:32 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-14 16:32 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-14 16:25 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 21:44 . 2011-10-12 21:44 -------- d-----w- c:\users\Del\AppData\Roaming\Corel
2011-10-12 21:44 . 2011-10-12 21:44 952 --sha-w- c:\programdata\KGyGaAvL.sys
2011-10-12 21:44 . 2011-10-12 21:44 -------- d-----w- c:\users\Del\Corel
2011-10-12 20:24 . 2011-10-17 13:41 -------- d-----w- c:\users\Del\AppData\Roaming\ICQ
2011-10-12 20:24 . 2011-10-12 20:25 -------- d-----w- c:\program files (x86)\ICQ7.6
2011-10-11 22:36 . 2011-10-11 22:36 -------- d-----w- c:\users\Del\AppData\Roaming\vlc
2011-10-11 22:34 . 2011-10-11 22:34 -------- d-----w- c:\program files (x86)\VideoLAN
2011-10-05 15:12 . 2011-10-05 15:12 -------- d-----w- c:\users\Del\AppData\Local\Zoner
2011-10-05 15:11 . 2011-10-05 15:11 -------- d-----w- c:\program files\Zoner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-30 19:20 . 2011-10-30 19:20 103140 --sh--r- C:\qlvdk.pif
2011-10-09 15:17 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-20 16:42 . 2011-09-20 16:42 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-20 16:42 . 2011-09-20 16:42 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-20 16:42 . 2011-09-20 16:42 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-20 16:42 . 2011-09-20 16:42 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-20 16:42 . 2011-09-20 16:42 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-20 16:42 . 2011-09-20 16:42 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-20 16:42 . 2011-09-20 16:42 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-20 16:42 . 2011-09-20 16:42 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-20 16:42 . 2011-09-20 16:42 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-20 16:42 . 2011-09-20 16:42 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-20 16:42 . 2011-09-20 16:42 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-20 16:42 . 2011-09-20 16:42 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-20 16:42 . 2011-09-20 16:42 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-20 16:42 . 2011-09-20 16:42 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-20 16:42 . 2011-09-20 16:42 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-20 16:42 . 2011-09-20 16:42 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-20 16:42 . 2011-09-20 16:42 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-20 16:42 . 2011-09-20 16:42 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-20 16:42 . 2011-09-20 16:42 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-20 16:42 . 2011-09-20 16:42 448512 ----a-w- c:\windows\system32\html.iec
2011-09-20 16:42 . 2011-09-20 16:42 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-20 16:42 . 2011-09-20 16:42 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-20 16:42 . 2011-09-20 16:42 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-20 16:42 . 2011-09-20 16:42 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-20 16:42 . 2011-09-20 16:42 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-20 16:42 . 2011-09-20 16:42 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-20 16:42 . 2011-09-20 16:42 160256 ----a-w- c:\windows\system32\wextract.exe
2011-09-20 16:42 . 2011-09-20 16:42 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-20 16:42 . 2011-09-20 16:42 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-20 16:42 . 2011-09-20 16:42 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-20 16:42 . 2011-09-20 16:42 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-20 16:42 . 2011-09-20 16:42 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-20 16:42 . 2011-09-20 16:42 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-20 16:42 . 2011-09-20 16:42 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-20 16:42 . 2011-09-20 16:42 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-20 16:42 . 2011-09-20 16:42 101888 ----a-w- c:\windows\SysWow64\admparse.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-30_18.36.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2011-10-30 18:37 40444 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-30 18:37 35208 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-20 16:36 . 2011-10-30 19:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-20 16:36 . 2011-10-30 18:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-20 16:34 . 2011-10-30 18:37 8792 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4104132577-2480194942-3805754471-1000_UserData.bin
+ 2011-10-30 19:19 . 2011-10-30 19:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-30 18:35 . 2011-10-30 18:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-30 18:35 . 2011-10-30 18:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-30 19:19 . 2011-10-30 19:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-10-30 18:34 375444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-10-30 19:19 375444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17427080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 105328]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-04-19 1097808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\program files (x86)\ESRI\License\arcgis9x\lmgrd.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-04-19 353872]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-23 873064]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-01-18 39528]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-30 c:\windows\Tasks\Acer Registration - Reminder Recall task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2011-04-22 03:36]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104132577-2480194942-3805754471-1000Core.job
- c:\users\Del\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 12:56]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104132577-2480194942-3805754471-1000UA.job
- c:\users\Del\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 12:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-17 11855976]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 1796200]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 195.113.44.11 195.113.0.2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2011-10-30 20:24:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-30 19:24
ComboFix2.txt 2011-10-30 18:40
.
Pre-Run: 314 501 910 528 bytes free
Post-Run: 314 207 879 168 bytes free
.
- - End Of File - - 7BD24C1DFD247FD3832E1A5276982069
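As an added example for this thread (not ComboFix's own tooling, nor anything the forum provides), the Python script below does the two checks a helper would do by hand on the follow-up log above: it confirms that every path from the admin's CFScript (the Collect:: and Folder:: lines) shows up under "Other Deletions", and it lists what still stands out in the new log: hidden+system files sitting directly in the drive root, and the Security Center / UAC registry values that silence protections. The log excerpt embedded in it is a constructed, abbreviated copy of the log posted above.

```python
"""Triage a ComboFix log (added example for this thread, not ComboFix's own tooling)."""

import re

# Paths the CFScript above asked ComboFix to collect / delete.
CFSCRIPT_TARGETS = [
    r"c:\windows\unrar.exe",
    r"c:\windows\ufa",
    r"c:\windows\update.tray-12-0",
    r"c:\windows\update.tray-12-0-lnk",
    r"c:\windows\update.tray-8-0",
    r"c:\windows\update.tray-8-0-lnk",
    r"c:\windows\update.tray-9-0",
    r"c:\windows\update.tray-9-0-lnk",
]

# Constructed excerpt of the follow-up ComboFix log posted above (abbreviated).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\ufa
c:\windows\unrar.exe
c:\windows\update.tray-12-0-lnk
c:\windows\update.tray-12-0
c:\windows\update.tray-8-0-lnk
c:\windows\update.tray-8-0
c:\windows\update.tray-9-0-lnk
c:\windows\update.tray-9-0
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 )))))))))))))))))))))))))))))))
.
2011-10-30 18:37 . 2011-10-30 18:37 103140 --sh--r- C:\hrgufc.exe
2011-10-30 16:30 . 2011-10-30 16:30 -------- d-----w- C:\rsit
2011-10-30 19:20 . 2011-10-30 19:20 103140 --sh--r- C:\qlvdk.pif
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # "(((( Section Name ))))"
FILE_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+)\s+(\d+|-+)\s+([-a-z]{8})\s+(.+)$")  # created . modified size attrs path
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(?:dword:)?(\S+)')
# Values that switch off UAC or silence Security Center warnings.
SILENCING_VALUES = {"EnableLUA", "FirewallOverride", "AntiVirusOverride", "UacDisableNotify",
                    "AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"}


def split_sections(log_text):
    """Map each '(((( header ))))' section to the non-empty lines beneath it."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def unremoved_targets(log_text, targets=CFSCRIPT_TARGETS):
    """CFScript paths missing from 'Other Deletions' (paths compared case-insensitively)."""
    deleted = {p.lower() for p in split_sections(log_text).get("Other Deletions", [])}
    return [t for t in targets if t.lower() not in deleted]


def hidden_root_files(log_text):
    """(path, size) of hidden+system files sitting directly in a drive root."""
    hits = []
    for lines in split_sections(log_text).values():
        for line in lines:
            if not (m := FILE_RE.match(line)):
                continue
            size, attrs, path = m.group(3), m.group(4), m.group(5)
            in_root = re.fullmatch(r"[A-Za-z]:\\[^\\]+", path) is not None
            # size is "--------" for directories, so those are skipped here
            if in_root and size.isdigit() and "s" in attrs and "h" in attrs:
                hits.append((path, int(size)))
    return hits


def silenced_protections(log_text):
    """Registry values under 'Reg Loading Points' that disable UAC or its alerts."""
    found = {}
    for line in split_sections(log_text).get("Reg Loading Points", []):
        if not (m := REG_VALUE_RE.match(line)) or m.group(1) not in SILENCING_VALUES:
            continue
        name, value = m.group(1), int(m.group(2), 16)
        # EnableLUA=0 turns UAC off; the other values are the problem when set to 1.
        if (name == "EnableLUA") == (value == 0):
            found[name] = value
    return found
```

Run against the full log pasted above, the same three functions report that all eight CFScript targets were deleted, while C:\hrgufc.exe and C:\qlvdk.pif (both 103140 bytes, hidden+system in the drive root) and the Security Center override values remain to be dealt with.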
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-04-19 353872]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-23 873064]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-01-18 39528]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-30 c:\windows\Tasks\Acer Registration - Reminder Recall task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2011-04-22 03:36]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104132577-2480194942-3805754471-1000Core.job
- c:\users\Del\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 12:56]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104132577-2480194942-3805754471-1000UA.job
- c:\users\Del\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 12:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-17 11855976]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 1796200]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 195.113.44.11 195.113.0.2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2011-10-30 20:24:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-30 19:24
ComboFix2.txt 2011-10-30 18:40
.
Pre-Run: 314 501 910 528 bytes free
Post-Run: 314 207 879 168 bytes free
.
- - End Of File - - 7BD24C1DFD247FD3832E1A5276982069
- Rudy
- Site Admin
- Posts: 119509
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: FB virus - please check the log
Something else has turned up there. Run ComboFix again with this script:
Folder::
c:\windows\av_ico
Collect::
C:\hrgufc.exe
C:\qlvdk.pif
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not the place for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus may damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: FB virus - please check the log
So here it is once more:
ComboFix 11-10-30.03 - Del . 10. 2011 21:50:15.3.4 - x64
Running from: c:\users\Del\Downloads\ComboFix.exe
Command switches used :: c:\users\Del\Desktop\CFScript.txt
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\hrgufc.exe
C:\qlvdk.pif
c:\windows\av_ico
c:\windows\av_ico\ico_avira_start.ico
c:\windows\av_ico\ico_mcafee_start.ico
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-30 21:06 . 2011-10-30 21:06 103140 --sh--r- C:\tmabyu.pif
2011-10-30 21:03 . 2011-10-30 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-30 20:24 . 2011-10-30 20:24 -------- d-----w- c:\users\Del\AppData\Roaming\go
2011-10-30 20:24 . 2011-10-30 20:54 -------- d-----w- c:\programdata\Easybits GO
2011-10-30 20:13 . 2011-10-30 20:34 24064 ----a-w- c:\windows\system32\avgwlx64.dll
2011-10-30 20:13 . 2011-10-30 20:34 13832 ----a-w- c:\windows\system32\drivers\avgcln64.sys
2011-10-30 20:13 . 2011-10-30 20:13 61960 ----a-w- c:\windows\system32\drivers\avgwfpx64.sys
2011-10-30 20:13 . 2011-10-30 20:13 32072 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2011-10-30 20:13 . 2011-10-30 20:13 -------- d-----w- c:\programdata\Grisoft
2011-10-30 20:08 . 2011-10-30 20:08 -------- d-----w- c:\users\Del\AppData\Roaming\skypePM
2011-10-30 20:06 . 2011-10-30 20:06 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-10-30 20:06 . 2011-10-30 20:06 -------- d-----r- c:\program files (x86)\Skype
2011-10-30 17:03 . 2011-10-30 17:03 -------- d-----w- c:\users\Del\AppData\Roaming\Malwarebytes
2011-10-30 17:02 . 2011-10-30 17:02 -------- d-----w- c:\programdata\Malwarebytes
2011-10-30 17:02 . 2011-10-30 17:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-30 17:02 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-30 16:30 . 2011-10-30 16:30 -------- d-----w- c:\program files\trend micro
2011-10-30 16:30 . 2011-10-30 16:30 -------- d-----w- C:\rsit
2011-10-30 13:45 . 2011-10-30 20:33 -------- d-----w- c:\programdata\AVG7
2011-10-30 13:24 . 2011-10-30 13:24 -------- d-----w- c:\windows\Sun
2011-10-30 13:24 . 2011-10-30 13:24 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-30 13:23 . 2011-10-30 13:23 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-30 13:23 . 2011-10-30 13:23 -------- d-----w- c:\program files (x86)\Java
2011-10-30 12:53 . 2011-10-30 12:53 -------- d-----w- c:\programdata\McAfee
2011-10-30 11:04 . 2011-10-30 11:04 -------- d-----w- c:\users\Del\AppData\Roaming\AVG7
2011-10-30 11:04 . 2011-10-30 11:04 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-10-30 10:37 . 2011-10-30 10:37 -------- d-----w- c:\users\Del\AppData\Roaming\Avira
2011-10-30 10:36 . 2011-09-18 07:39 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-30 10:36 . 2011-09-15 22:55 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-30 10:36 . 2011-09-15 22:55 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-29 11:19 . 2011-10-29 11:19 -------- d-----w- c:\windows\SysWow64\Adobe
2011-10-26 21:19 . 2011-10-26 21:19 -------- d-----w- c:\users\Del\.swt
2011-10-26 21:19 . 2011-10-26 21:45 -------- d-----w- c:\users\Del\AppData\Roaming\Azureus
2011-10-26 21:14 . 2011-10-26 21:53 -------- d-----w- c:\users\Del\AppData\Local\Conduit
2011-10-24 23:03 . 2011-10-24 23:03 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-10-24 19:07 . 2011-10-24 23:00 -------- d-----w- c:\program files (x86)\iDailyDiary
2011-10-19 09:07 . 2011-10-19 09:07 -------- d-----w- c:\users\Del\AppData\Local\Windows Live Writer
2011-10-19 09:07 . 2011-10-19 09:07 -------- d-----w- c:\users\Del\AppData\Roaming\Windows Live Writer
2011-10-16 07:37 . 2011-10-16 07:37 -------- d-----w- C:\other
2011-10-14 16:33 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-14 16:33 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-14 16:33 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-14 16:33 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-14 16:32 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-14 16:32 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-14 16:32 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-14 16:32 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-14 16:25 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 21:44 . 2011-10-12 21:44 -------- d-----w- c:\users\Del\AppData\Roaming\Corel
2011-10-12 21:44 . 2011-10-12 21:44 952 --sha-w- c:\programdata\KGyGaAvL.sys
2011-10-12 21:44 . 2011-10-12 21:44 -------- d-----w- c:\users\Del\Corel
2011-10-12 20:24 . 2011-10-17 13:41 -------- d-----w- c:\users\Del\AppData\Roaming\ICQ
2011-10-12 20:24 . 2011-10-12 20:25 -------- d-----w- c:\program files (x86)\ICQ7.6
2011-10-11 22:36 . 2011-10-11 22:36 -------- d-----w- c:\users\Del\AppData\Roaming\vlc
2011-10-11 22:34 . 2011-10-11 22:34 -------- d-----w- c:\program files (x86)\VideoLAN
2011-10-05 15:12 . 2011-10-05 15:12 -------- d-----w- c:\users\Del\AppData\Local\Zoner
2011-10-05 15:11 . 2011-10-05 15:11 -------- d-----w- c:\program files\Zoner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-09 15:17 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-20 16:42 . 2011-09-20 16:42 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-20 16:42 . 2011-09-20 16:42 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-20 16:42 . 2011-09-20 16:42 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-20 16:42 . 2011-09-20 16:42 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-20 16:42 . 2011-09-20 16:42 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-20 16:42 . 2011-09-20 16:42 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-20 16:42 . 2011-09-20 16:42 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-20 16:42 . 2011-09-20 16:42 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-20 16:42 . 2011-09-20 16:42 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-20 16:42 . 2011-09-20 16:42 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-20 16:42 . 2011-09-20 16:42 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-20 16:42 . 2011-09-20 16:42 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-20 16:42 . 2011-09-20 16:42 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-20 16:42 . 2011-09-20 16:42 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-20 16:42 . 2011-09-20 16:42 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-20 16:42 . 2011-09-20 16:42 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-20 16:42 . 2011-09-20 16:42 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-20 16:42 . 2011-09-20 16:42 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-20 16:42 . 2011-09-20 16:42 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-20 16:42 . 2011-09-20 16:42 448512 ----a-w- c:\windows\system32\html.iec
2011-09-20 16:42 . 2011-09-20 16:42 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-20 16:42 . 2011-09-20 16:42 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-20 16:42 . 2011-09-20 16:42 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-20 16:42 . 2011-09-20 16:42 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-20 16:42 . 2011-09-20 16:42 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-20 16:42 . 2011-09-20 16:42 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-20 16:42 . 2011-09-20 16:42 160256 ----a-w- c:\windows\system32\wextract.exe
2011-09-20 16:42 . 2011-09-20 16:42 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-20 16:42 . 2011-09-20 16:42 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-20 16:42 . 2011-09-20 16:42 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-20 16:42 . 2011-09-20 16:42 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-20 16:42 . 2011-09-20 16:42 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-20 16:42 . 2011-09-20 16:42 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-20 16:42 . 2011-09-20 16:42 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-20 16:42 . 2011-09-20 16:42 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-20 16:42 . 2011-09-20 16:42 101888 ----a-w- c:\windows\SysWow64\admparse.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-30_18.36.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2011-10-30 21:06 43328 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-30 21:06 35352 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-20 16:36 . 2011-10-30 21:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-20 16:36 . 2011-10-30 18:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-20 16:34 . 2011-10-30 21:06 9102 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4104132577-2480194942-3805754471-1000_UserData.bin
+ 2011-10-30 21:04 . 2011-10-30 21:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-30 18:35 . 2011-10-30 18:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-30 18:35 . 2011-10-30 18:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-30 21:04 . 2011-10-30 21:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-10-30 18:34 375444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-10-30 21:03 375444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-30 20:06 . 2011-10-30 20:06 371272 c:\windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe
+ 2011-09-21 18:59 . 2011-10-30 21:03 1601792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4104132577-2480194942-3805754471-1000-12288.dat
- 2011-09-21 18:59 . 2011-10-30 18:19 1601792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4104132577-2480194942-3805754471-1000-12288.dat
+ 2011-10-30 20:06 . 2011-10-30 20:06 18293248 c:\windows\Installer\253e13.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-03 15109000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 105328]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-04-19 1097808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"AVG7_CC"="c:\progra~2\Grisoft\AVG7\avgcc.exe" [2011-10-30 590848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~2\Grisoft\AVG7\avgw.exe" [2011-10-30 219136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\program files (x86)\ESRI\License\arcgis9x\lmgrd.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 AvgCln64;AVG7 Clean Driver (x64);c:\windows\System32\Drivers\avgcln64.sys [x]
S1 AvgMfx64;AVG Minifilter x64 Resident Driver;c:\windows\System32\Drivers\avgmfx64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-04-19 353872]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-23 873064]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-01-18 39528]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
S3 AvgWFPx64;AVG7 Firewall Driver x64;c:\windows\System32\Drivers\avgwfpx64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-30 c:\windows\Tasks\Acer Registration - Reminder Recall task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2011-04-22 03:36]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104132577-2480194942-3805754471-1000Core.job
- c:\users\Del\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 12:56]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104132577-2480194942-3805754471-1000UA.job
- c:\users\Del\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 12:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-17 11855976]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 1796200]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 195.113.44.11 195.113.0.2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-avgwlx64 - avgwlx64.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~2\Grisoft\AVG7\avgamsvr.exe
c:\progra~2\Grisoft\AVG7\avgupsvc.exe
c:\progra~2\Grisoft\AVG7\avgrssvc.exe
c:\progra~2\Grisoft\AVG7\avgrssvc.exe
c:\progra~2\Grisoft\AVG7\avgemc.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Grisoft\AVG7\avgcc.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2011-10-30 22:11:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-30 21:11
ComboFix2.txt 2011-10-30 19:24
ComboFix3.txt 2011-10-30 18:40
.
Pre-Run: 313 715 458 048 bytes free
Post-Run: 313 537 302 528 bytes free
.
- - End Of File - - BA16D52EDD0F8F731337BE42606FD8E1
Upload was successful
- Rudy
- Site Admin
- Posts: 119509
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: FB virus - please check the log
Also try deleting this file manually: C:\tmabyu.pif . If that doesn't work, kill it via CF (ComboFix) with this script:
Collect::
C:\tmabyu.pif
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not the place to solve your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activity, a virus can also damage the system!
Once your problem is resolved, the thread will be locked. The same happens if it stays inactive for more than 14 days. If you want the thread reopened, write to the e-mail given above.
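The file Rudy points at above, C:\tmabyu.pif, appears in the log as a 103140-byte file in the drive root with the hidden, system and read-only attributes (--sh--r-), alongside a C:\autorun.inf that ComboFix had already deleted once. That pattern usually means a component that is still running re-creates the payload under a fresh random name, so a manual delete only sticks if the dropper itself is gone; comparing two ComboFix runs by size and attributes rather than by name is the quick way to tell. The same log also records UAC and Security Center values set the way malware likes them (EnableLUA=0, AntiVirusOverride=1 and the *DisableNotify flags at 1); whether the user or the infection turned them off, they should be set back once the machine is clean. The Python script below is an added example, not code from this thread or from ComboFix: it parses ComboFix "Files Created" lines and "Reg Loading Points" values, flags root-directory hidden+system executables, matches two runs by fingerprint to catch a re-dropped file that changed name, and lists the tampered values. The two excerpts it runs on are constructed from the logs in this thread (the later run in this thread shows C:\dckcyy.pif with the same size and attributes); the triage heuristics, the extension list and the expected registry defaults are assumptions of this example, not something ComboFix reports.

```python
# Added triage helpers for ComboFix log excerpts (example code, not part of
# the thread or of ComboFix). Heuristics and defaults are this example's own.
import re

# Constructed excerpts modelled on the "Files Created" entries of the two
# ComboFix runs in this thread (sample input, not the complete logs).
RUN_EARLIER = """\
2011-10-30 21:06 . 2011-10-30 21:06 103140 --sh--r- C:\\tmabyu.pif
2011-10-30 21:03 . 2011-10-30 21:03 -------- d-----w- c:\\users\\Default\\AppData\\Local\\temp
2011-10-30 20:13 . 2011-10-30 20:34 24064 ----a-w- c:\\windows\\system32\\avgwlx64.dll
"""
RUN_LATER = """\
2011-10-30 22:24 . 2011-10-30 22:24 103140 --sh--r- C:\\dckcyy.pif
2011-10-30 22:19 . 2011-10-30 22:19 -------- d-----w- c:\\users\\Default\\AppData\\Local\\temp
"""
# Constructed excerpt of the "Reg Loading Points" section of the same log.
REG_EXCERPT = """\
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableLUA"= 0 (0x0)
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"""

# created . modified size attrs path   (size is "--------" for directories)
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-\w]{8}) (?P<path>.+)$")
REG_RE = re.compile(
    r'^"(?P<name>\w+)"\s*=\s*(?:dword:(?P<hex>[0-9a-fA-F]{8})|(?P<dec>\d+))')
# Assumed healthy defaults: UAC on, Security Center allowed to warn.
EXPECTED = {"EnableLUA": 1, "AntiVirusOverride": 0, "FirewallOverride": 0,
            "AntiVirusDisableNotify": 0, "FirewallDisableNotify": 0,
            "UpdatesDisableNotify": 0, "UacDisableNotify": 0}
DROPPER_EXT = {".pif", ".exe", ".com", ".scr", ".bat", ".cmd"}

def parse_entries(text):
    """Parse 'Files Created' lines into dicts; separators and noise are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"]) if e["size"].isdigit() else None
            e["is_dir"] = e["attrs"].startswith("d")
            entries.append(e)
    return entries

def is_suspicious(e):
    """Hidden+system executable sitting directly in a drive root: the usual
    autorun.inf companion, as with the .pif files in this thread."""
    path = e["path"].lower()
    in_root = re.fullmatch(r"[a-z]:\\[^\\]+", path) is not None
    ext = path[path.rfind("."):] if "." in path else ""
    return (not e["is_dir"] and in_root and ext in DROPPER_EXT
            and "h" in e["attrs"] and "s" in e["attrs"])

def flag_suspicious(text):
    return [e["path"] for e in parse_entries(text) if is_suspicious(e)]

def fingerprint(e):
    """Name-independent identity: size, attributes, folder and extension."""
    folder, _, name = e["path"].lower().rpartition("\\")
    return (e["size"], e["attrs"], folder, name[name.rfind("."):])

def find_redrops(earlier, later):
    """Suspicious files present in both runs with the same fingerprint but a
    different name: the dropper is still alive and re-creating its payload."""
    before = {fingerprint(e): e["path"]
              for e in parse_entries(earlier) if is_suspicious(e)}
    redrops = []
    for e in parse_entries(later):
        if is_suspicious(e) and fingerprint(e) in before:
            old = before[fingerprint(e)]
            if old.lower() != e["path"].lower():
                redrops.append((old, e["path"]))
    return redrops

def tampered_settings(text):
    """Return {name: value} for policy/Security Center values that differ
    from EXPECTED; both the '= 0 (0x0)' and the 'dword:' forms are parsed."""
    found = {}
    for line in text.splitlines():
        m = REG_RE.match(line.strip())
        if m and m["name"] in EXPECTED:
            value = int(m["hex"], 16) if m["hex"] else int(m["dec"])
            if value != EXPECTED[m["name"]]:
                found[m["name"]] = value
    return found

if __name__ == "__main__":
    print("suspicious:", flag_suspicious(RUN_EARLIER))
    print("re-dropped:", find_redrops(RUN_EARLIER, RUN_LATER))
    print("tampered:", tampered_settings(REG_EXCERPT))
```

Run it as a script to print the three findings, or import it and call flag_suspicious on a pasted log section. Matching on fingerprint rather than name is what makes the re-drop visible: the name changes on every drop, the size (103140) and attributes (--sh--r-) do not.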
Re: FB virus - please check the log
OK, it could be deleted without any problem, so if anything shows up again I'll definitely write.
And thanks once again, until today I didn't even know such a great site existed, a friend recommended it to me. If you really do this in your free time, hats off to you, thanks.
- Rudy
- Site Admin
- Posts: 119509
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: FB virus - please check the log
Yes, we do this in our free time. We're a bunch of enthusiasts. You're welcome!

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not the place to solve your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activity, a virus can also damage the system!
Once your problem is resolved, the thread will be locked. The same happens if it stays inactive for more than 14 days. If you want the thread reopened, write to the e-mail given above.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:

e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: FB virus - please check my log
Enthusiast experts, hats off to you, and sorry for butting in.
Re: FB virus - please check my log
So here I am again; in the end it wasn't that easy after all. The file did get deleted, but after a while it showed up there again, so I ran ComboFix again and got this log:
ComboFix 11-10-30.03 - Del . 10. 2011 23:07:07.4.4 - x64
Running from: c:\users\Del\Downloads\ComboFix.exe
Command switches used :: c:\users\Del\Desktop\CFScript.txt
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\tmabyu.pif
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-30 22:24 . 2011-10-30 22:24 103140 --sh--r- C:\dckcyy.pif
2011-10-30 22:19 . 2011-10-30 22:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-30 20:24 . 2011-10-30 20:24 -------- d-----w- c:\users\Del\AppData\Roaming\go
2011-10-30 20:24 . 2011-10-30 20:54 -------- d-----w- c:\programdata\Easybits GO
2011-10-30 20:13 . 2011-10-30 20:34 24064 ----a-w- c:\windows\system32\avgwlx64.dll
2011-10-30 20:13 . 2011-10-30 20:34 13832 ----a-w- c:\windows\system32\drivers\avgcln64.sys
2011-10-30 20:13 . 2011-10-30 20:13 61960 ----a-w- c:\windows\system32\drivers\avgwfpx64.sys
2011-10-30 20:13 . 2011-10-30 20:13 32072 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2011-10-30 20:13 . 2011-10-30 20:13 -------- d-----w- c:\programdata\Grisoft
2011-10-30 20:08 . 2011-10-30 20:08 -------- d-----w- c:\users\Del\AppData\Roaming\skypePM
2011-10-30 17:03 . 2011-10-30 17:03 -------- d-----w- c:\users\Del\AppData\Roaming\Malwarebytes
2011-10-30 17:02 . 2011-10-30 17:02 -------- d-----w- c:\programdata\Malwarebytes
2011-10-30 17:02 . 2011-10-30 17:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-30 17:02 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-30 16:30 . 2011-10-30 16:30 -------- d-----w- c:\program files\trend micro
2011-10-30 16:30 . 2011-10-30 16:30 -------- d-----w- C:\rsit
2011-10-30 13:45 . 2011-10-30 20:33 -------- d-----w- c:\programdata\AVG7
2011-10-30 13:24 . 2011-10-30 13:24 -------- d-----w- c:\windows\Sun
2011-10-30 13:24 . 2011-10-30 13:24 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-30 13:23 . 2011-10-30 13:23 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-30 13:23 . 2011-10-30 13:23 -------- d-----w- c:\program files (x86)\Java
2011-10-30 12:53 . 2011-10-30 12:53 -------- d-----w- c:\programdata\McAfee
2011-10-30 11:04 . 2011-10-30 11:04 -------- d-----w- c:\users\Del\AppData\Roaming\AVG7
2011-10-30 11:04 . 2011-10-30 11:04 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-10-30 10:37 . 2011-10-30 10:37 -------- d-----w- c:\users\Del\AppData\Roaming\Avira
2011-10-30 10:36 . 2011-09-18 07:39 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-30 10:36 . 2011-09-15 22:55 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-30 10:36 . 2011-09-15 22:55 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-29 11:19 . 2011-10-29 11:19 -------- d-----w- c:\windows\SysWow64\Adobe
2011-10-26 21:19 . 2011-10-26 21:19 -------- d-----w- c:\users\Del\.swt
2011-10-26 21:19 . 2011-10-26 21:45 -------- d-----w- c:\users\Del\AppData\Roaming\Azureus
2011-10-26 21:14 . 2011-10-26 21:53 -------- d-----w- c:\users\Del\AppData\Local\Conduit
2011-10-24 23:03 . 2011-10-24 23:03 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-10-24 19:07 . 2011-10-24 23:00 -------- d-----w- c:\program files (x86)\iDailyDiary
2011-10-19 09:07 . 2011-10-19 09:07 -------- d-----w- c:\users\Del\AppData\Local\Windows Live Writer
2011-10-19 09:07 . 2011-10-19 09:07 -------- d-----w- c:\users\Del\AppData\Roaming\Windows Live Writer
2011-10-16 07:37 . 2011-10-16 07:37 -------- d-----w- C:\other
2011-10-14 16:33 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-14 16:33 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-14 16:33 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-14 16:33 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-14 16:32 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-14 16:32 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-14 16:32 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-14 16:32 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-14 16:25 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 21:44 . 2011-10-12 21:44 -------- d-----w- c:\users\Del\AppData\Roaming\Corel
2011-10-12 21:44 . 2011-10-12 21:44 952 --sha-w- c:\programdata\KGyGaAvL.sys
2011-10-12 21:44 . 2011-10-12 21:44 -------- d-----w- c:\users\Del\Corel
2011-10-12 20:24 . 2011-10-17 13:41 -------- d-----w- c:\users\Del\AppData\Roaming\ICQ
2011-10-12 20:24 . 2011-10-12 20:25 -------- d-----w- c:\program files (x86)\ICQ7.6
2011-10-11 22:36 . 2011-10-11 22:36 -------- d-----w- c:\users\Del\AppData\Roaming\vlc
2011-10-11 22:34 . 2011-10-11 22:34 -------- d-----w- c:\program files (x86)\VideoLAN
2011-10-05 15:12 . 2011-10-05 15:12 -------- d-----w- c:\users\Del\AppData\Local\Zoner
2011-10-05 15:11 . 2011-10-05 15:11 -------- d-----w- c:\program files\Zoner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-30 22:24 . 2011-10-30 22:24 103140 --sh--r- C:\pixc.exe
2011-10-09 15:17 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-20 16:42 . 2011-09-20 16:42 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-20 16:42 . 2011-09-20 16:42 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-20 16:42 . 2011-09-20 16:42 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-20 16:42 . 2011-09-20 16:42 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-20 16:42 . 2011-09-20 16:42 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-20 16:42 . 2011-09-20 16:42 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-20 16:42 . 2011-09-20 16:42 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-20 16:42 . 2011-09-20 16:42 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-20 16:42 . 2011-09-20 16:42 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-20 16:42 . 2011-09-20 16:42 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-20 16:42 . 2011-09-20 16:42 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-20 16:42 . 2011-09-20 16:42 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-20 16:42 . 2011-09-20 16:42 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-20 16:42 . 2011-09-20 16:42 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-20 16:42 . 2011-09-20 16:42 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-20 16:42 . 2011-09-20 16:42 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-20 16:42 . 2011-09-20 16:42 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-20 16:42 . 2011-09-20 16:42 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-20 16:42 . 2011-09-20 16:42 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-20 16:42 . 2011-09-20 16:42 448512 ----a-w- c:\windows\system32\html.iec
2011-09-20 16:42 . 2011-09-20 16:42 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-20 16:42 . 2011-09-20 16:42 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-20 16:42 . 2011-09-20 16:42 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-20 16:42 . 2011-09-20 16:42 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-20 16:42 . 2011-09-20 16:42 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-20 16:42 . 2011-09-20 16:42 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-20 16:42 . 2011-09-20 16:42 160256 ----a-w- c:\windows\system32\wextract.exe
2011-09-20 16:42 . 2011-09-20 16:42 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-20 16:42 . 2011-09-20 16:42 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-20 16:42 . 2011-09-20 16:42 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-20 16:42 . 2011-09-20 16:42 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-20 16:42 . 2011-09-20 16:42 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-20 16:42 . 2011-09-20 16:42 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-20 16:42 . 2011-09-20 16:42 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-20 16:42 . 2011-09-20 16:42 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-20 16:42 . 2011-09-20 16:42 101888 ----a-w- c:\windows\SysWow64\admparse.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-30_18.36.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2011-10-30 22:24 44044 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-30 22:24 35416 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-20 16:36 . 2011-10-30 22:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-20 16:36 . 2011-10-30 18:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-20 16:34 . 2011-10-30 22:24 9222 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4104132577-2480194942-3805754471-1000_UserData.bin
- 2011-10-30 18:35 . 2011-10-30 18:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-30 22:20 . 2011-10-30 22:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-30 18:35 . 2011-10-30 18:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-30 22:20 . 2011-10-30 22:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-10-30 18:34 375444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-10-30 22:20 375444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-21 18:59 . 2011-10-30 22:20 1601792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4104132577-2480194942-3805754471-1000-12288.dat
- 2011-09-21 18:59 . 2011-10-30 18:19 1601792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4104132577-2480194942-3805754471-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 105328]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-04-19 1097808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"AVG7_CC"="c:\progra~2\Grisoft\AVG7\avgcc.exe" [2011-10-30 590848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~2\Grisoft\AVG7\avgw.exe" [2011-10-30 219136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlx64]
avgwlx64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\program files (x86)\ESRI\License\arcgis9x\lmgrd.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 AvgCln64;AVG7 Clean Driver (x64);c:\windows\System32\Drivers\avgcln64.sys [x]
S1 AvgMfx64;AVG Minifilter x64 Resident Driver;c:\windows\System32\Drivers\avgmfx64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-04-19 353872]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-23 873064]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-01-18 39528]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
S3 AvgWFPx64;AVG7 Firewall Driver x64;c:\windows\System32\Drivers\avgwfpx64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-30 c:\windows\Tasks\Acer Registration - Reminder Recall task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2011-04-22 03:36]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104132577-2480194942-3805754471-1000Core.job
- c:\users\Del\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 12:56]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104132577-2480194942-3805754471-1000UA.job
- c:\users\Del\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 12:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-17 11855976]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 1796200]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 195.113.44.11 195.113.0.2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~2\Grisoft\AVG7\avgamsvr.exe
c:\progra~2\Grisoft\AVG7\avgupsvc.exe
c:\progra~2\Grisoft\AVG7\avgrssvc.exe
c:\progra~2\Grisoft\AVG7\avgrssvc.exe
c:\progra~2\Grisoft\AVG7\avgemc.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Grisoft\AVG7\avgcc.exe
c:\program files (x86)\Launch Manager\LMworker.exe
.
**************************************************************************
.
Completion time: 2011-10-30 23:28:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-30 22:28
ComboFix2.txt 2011-10-30 21:12
ComboFix3.txt 2011-10-30 19:24
ComboFix4.txt 2011-10-30 18:40
.
Pre-Run: 313 326 436 352 bytes free
Post-Run: 312 916 811 776 bytes free
.
- - End Of File - - 4133C511FDFBC5378D9CC843EC0865EE
Upload was successful
Of course you're probably not here until morning, so we can continue tomorrow if need be.
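The log above shows the behaviour the post describes: C:\tmabyu.pif is deleted, and in the same run two new root-level hidden/system files of identical size (C:\dckcyy.pif, C:\pixc.exe, 103140 bytes, --sh--r-) appear, while the Security Center overrides and EnableLUA=0 show the malware has muted the system's own warnings. The triage script below is an added example, not code from the thread or from ComboFix: it parses the ComboFix line format shown above and flags root-level hidden+system executables, same-size siblings created in the same minute, and the muted settings. The heuristics and the constructed sample excerpt are this example's own assumptions.

```python
"""Triage a ComboFix log for the pattern in the thread above: a hidden/system
executable in the drive root that comes back under a fresh random name, plus
the Security Center / UAC values the log shows muted. Heuristics are this
example's own assumptions, not ComboFix output."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# "Files Created" / "Find3M" line: <created> . <modified> <size|--------> <attrs> <path>
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(\d+|-{8})\s+(\S{8})\s+(.+)$"
)
# Registry value lines, both spellings: "Name"=dword:00000001 and "Name"= 0 (0x0)
REG_LINE = re.compile(
    r'^"([^"]+)"=\s*(?:dword:([0-9a-fA-F]{8})|(\d+)\s+\(0x[0-9a-fA-F]+\))$'
)
# Executable sitting directly in a drive root, e.g. C:\dckcyy.pif
ROOT_EXEC = re.compile(r"^[A-Za-z]:\\[^\\]+\.(pif|exe|com|scr|bat|cmd)$", re.I)
# Security Center values that, when set to 1, silence or override its warnings.
MUTED_KEYS = {"FirewallOverride", "AntiVirusOverride", "FirewallDisableNotify",
              "AntiVirusDisableNotify", "UpdatesDisableNotify", "UacDisableNotify"}


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]  # None for directories ("--------")
    attrs: str           # ComboFix flags: d=dir, s=system, h=hidden, a=archive, w/r
    path: str

    @property
    def hidden_system(self) -> bool:
        return "s" in self.attrs and "h" in self.attrs and "d" not in self.attrs


def parse_file_entries(log: str) -> List[FileEntry]:
    entries = []
    for line in log.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            size = None if m.group(3).startswith("-") else int(m.group(3))
            entries.append(FileEntry(m.group(1), m.group(2), size, m.group(4), m.group(5)))
    return entries


def suspicious_root_files(entries: List[FileEntry]) -> List[str]:
    """Hidden+system executables dropped straight into a drive root."""
    return [e.path for e in entries if e.hidden_system and ROOT_EXEC.match(e.path)]


def same_size_siblings(entries: List[FileEntry], min_size: int = 1024) -> Dict[Tuple[int, str], List[str]]:
    """Files of identical size created in the same minute: the trace a dropper
    leaves when it re-creates itself under a new random name."""
    groups: Dict[Tuple[int, str], List[str]] = defaultdict(list)
    for e in entries:
        if e.size is not None and e.size >= min_size:
            groups[(e.size, e.created)].append(e.path)
    return {k: v for k, v in groups.items() if len(v) > 1}


def muted_security_settings(log: str) -> List[str]:
    """Security Center overrides and EnableLUA=0, in the order they appear."""
    findings = []
    for line in log.splitlines():
        m = REG_LINE.match(line.strip())
        if not m:
            continue
        name, dword, decimal = m.groups()
        if name in MUTED_KEYS and dword == "00000001":
            findings.append(name)
        elif name == "EnableLUA" and decimal == "0":
            findings.append("EnableLUA=0 (UAC disabled)")
    return findings


# Constructed excerpt: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
2011-10-30 22:24 . 2011-10-30 22:24 103140 --sh--r- C:\dckcyy.pif
2011-10-30 22:19 . 2011-10-30 22:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-30 20:13 . 2011-10-30 20:34 24064 ----a-w- c:\windows\system32\avgwlx64.dll
2011-10-12 21:44 . 2011-10-12 21:44 952 --sha-w- c:\programdata\KGyGaAvL.sys
2011-10-30 22:24 . 2011-10-30 22:24 103140 --sh--r- C:\pixc.exe
"EnableLUA"= 0 (0x0)
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"""

if __name__ == "__main__":
    entries = parse_file_entries(SAMPLE_LOG)
    print("root executables:", suspicious_root_files(entries))
    print("same-size siblings:", same_size_siblings(entries))
    print("muted settings:", muted_security_settings(SAMPLE_LOG))
```

On the full log the same checks single out exactly the two fresh files and the Security Center keys, which is what a helper would want to see before writing the next CFScript.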
- 2011-10-30 18:35 . 2011-10-30 18:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-30 22:20 . 2011-10-30 22:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-30 18:35 . 2011-10-30 18:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-30 22:20 . 2011-10-30 22:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-10-30 18:34 375444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-10-30 22:20 375444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-21 18:59 . 2011-10-30 22:20 1601792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4104132577-2480194942-3805754471-1000-12288.dat
- 2011-09-21 18:59 . 2011-10-30 18:19 1601792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4104132577-2480194942-3805754471-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 105328]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-04-19 1097808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"AVG7_CC"="c:\progra~2\Grisoft\AVG7\avgcc.exe" [2011-10-30 590848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~2\Grisoft\AVG7\avgw.exe" [2011-10-30 219136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlx64]
avgwlx64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\program files (x86)\ESRI\License\arcgis9x\lmgrd.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 AvgCln64;AVG7 Clean Driver (x64);c:\windows\System32\Drivers\avgcln64.sys [x]
S1 AvgMfx64;AVG Minifilter x64 Resident Driver;c:\windows\System32\Drivers\avgmfx64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-04-19 353872]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-23 873064]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-01-18 39528]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
S3 AvgWFPx64;AVG7 Firewall Driver x64;c:\windows\System32\Drivers\avgwfpx64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-30 c:\windows\Tasks\Acer Registration - Reminder Recall task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2011-04-22 03:36]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104132577-2480194942-3805754471-1000Core.job
- c:\users\Del\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 12:56]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104132577-2480194942-3805754471-1000UA.job
- c:\users\Del\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 12:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-17 11855976]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 1796200]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 195.113.44.11 195.113.0.2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~2\Grisoft\AVG7\avgamsvr.exe
c:\progra~2\Grisoft\AVG7\avgupsvc.exe
c:\progra~2\Grisoft\AVG7\avgrssvc.exe
c:\progra~2\Grisoft\AVG7\avgrssvc.exe
c:\progra~2\Grisoft\AVG7\avgemc.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Grisoft\AVG7\avgcc.exe
c:\program files (x86)\Launch Manager\LMworker.exe
.
**************************************************************************
.
Completion time: 2011-10-30 23:28:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-30 22:28
ComboFix2.txt 2011-10-30 21:12
ComboFix3.txt 2011-10-30 19:24
ComboFix4.txt 2011-10-30 18:40
.
Pre-Run: 313 326 436 352 bytes free
Post-Run: 312 916 811 776 bytes free
.
- - End Of File - - 4133C511FDFBC5378D9CC843EC0865EE
Upload was successful
Of course you are probably not here until morning, so we can continue tomorrow if need be.
- Rudy
- Site Admin
- Posts: 119509
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: FB virus - please check the log
It keeps showing up, but under different names. Now it is C:\dckcyy.pif . Run a GMER scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=62878 and post both logs.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not the place for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
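As an added example that is not part of the original thread, of ComboFix or of the forum's own tooling: a small Python triage script that runs over sample lines taken from the log posted above (plus one constructed benign System32\svchost.exe line for contrast) and flags the indicators a log reviewer looks for here. Those are a hidden+system executable sitting directly in the drive root (C:\pixc.exe, the same pattern Rudy points at with C:\dckcyy.pif), svchost.exe started from a directory other than System32/SysWOW64 (the update.tray-* copies in the process list), UAC switched off (EnableLUA=0) and the Security Center override/notification values set to 1. The regexes follow the line formats ComboFix printed in this log; the severity labels and the extension list are my own assumptions.

```python
import re
from pathlib import PureWindowsPath

# Sample lines constructed from the ComboFix output posted in this thread,
# plus one constructed benign svchost.exe line; a hand-picked subset only.
SAMPLE_LOG = """\
2011-10-30 22:24 . 2011-10-30 22:24 103140 --sh--r- C:\\pixc.exe
2011-09-20 16:42 . 2011-09-20 16:42 86528 ----a-w- c:\\windows\\SysWow64\\iesysprep.dll
C:\\Windows\\update.tray-12-0\\svchost.exe
C:\\Windows\\System32\\svchost.exe
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"DisableThumbnailCache"=dword:00000001
"""

# Find3M-style line as ComboFix prints it: mtime . ctime size attrs path
FIND3M_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Bare process path as printed under "Running processes"
PROC_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+\.exe)$", re.IGNORECASE)
# Registry value lines, e.g. "EnableLUA"= 0 (0x0) or "AntiVirusOverride"=dword:00000001
REG_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:dword:)?(?P<val>[0-9A-Fa-f]+)')

# Directories in which a genuine svchost.exe lives on Windows 7 (assumption).
SVCHOST_DIRS = {"system32", "syswow64"}
# Extensions treated as dropper candidates when hidden+system in the drive root (assumption).
DROPPER_EXTS = {".exe", ".pif", ".com", ".scr"}


def triage(log_text):
    """Return (severity, rule, evidence) tuples for the suspicious lines in log_text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := FIND3M_RE.match(line):
            attrs, path = m["attrs"], m["path"]
            p = PureWindowsPath(path)
            hidden_system = "h" in attrs and "s" in attrs   # attribute letters in the attrs field
            in_root = len(p.parts) == 2                     # ('C:\\', 'name.ext') => drive root
            if hidden_system and in_root and p.suffix.lower() in DROPPER_EXTS:
                findings.append(("high", "hidden+system executable in drive root", path))
            elif hidden_system:
                findings.append(("medium", "hidden+system file", path))
            continue
        if m := PROC_RE.match(line):
            p = PureWindowsPath(m["path"])
            if p.name.lower() == "svchost.exe" and p.parent.name.lower() not in SVCHOST_DIRS:
                findings.append(("high", "svchost.exe outside System32/SysWOW64", str(p)))
            continue
        if m := REG_RE.match(line):
            name, val = m["name"], int(m["val"], 16)
            if name == "EnableLUA" and val == 0:
                findings.append(("high", "UAC disabled (EnableLUA=0)", line))
            elif (name.endswith("Override") or name.endswith("DisableNotify")) and val == 1:
                findings.append(("medium", "Security Center monitoring suppressed", line))
    return findings


if __name__ == "__main__":
    for severity, rule, evidence in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {rule}: {evidence}")
```

Run it as-is to see the five findings from the sample, or feed it the whole ComboFix text; the System32 svchost.exe line, the ordinary IE DLL and the ConsentPromptBehaviorAdmin / DisableThumbnailCache values deliberately produce nothing, since a triage rule that fires on every line is as useless as none.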