Prosim o pomoc s pc

[L.M.]

zdravim koupil sem si notebook z ruky a je pravdepodobne hodne zavirovanej
chci vas poprosit o pomoc s procistenim diky

Logfile of random's system information tool 1.08 (written by random/random)
Run by Karen at 2011-01-03 14:24:39
Microsoft Windows 7 Starter
System drive C: has 115 GB (81%) free of 141 GB
Total RAM: 1015 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:24:48 PM, on 03/01/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Karen\Desktop\RSIT\32bit\RSIT.exe
C:\Program Files\trend micro\Karen.exe

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_55e4bd7d7a827098\aestsrv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Qualcomm Gobi 2000 Download Service (HP) (QDLService2kHP) - QUALCOMM, Inc. - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe
O23 - Service: HP Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_55e4bd7d7a827098\STacSV.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 1842 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Connection Manager.exe]
C:\Program Files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe [2009-08-12 1117000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-13 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=181
"NoDriveAutoRun"=0xE0FFFF03

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-01-03 14:17:14 ----SHD---- C:\$RECYCLE.BIN
2011-01-01 15:53:46 ----D---- C:\Windows\temp
2011-01-01 15:36:23 ----D---- C:\ComboFix
2011-01-01 15:35:38 ----A---- C:\Windows\SWXCACLS.exe
2010-12-20 15:48:50 ----D---- C:\Program Files\Common Files\Skype
2010-12-18 21:57:16 ----A---- C:\Windows\zip.exe
2010-12-18 21:57:16 ----A---- C:\Windows\SWSC.exe
2010-12-18 21:57:16 ----A---- C:\Windows\SWREG.exe
2010-12-18 21:57:16 ----A---- C:\Windows\sed.exe
2010-12-18 21:57:16 ----A---- C:\Windows\PEV.exe
2010-12-18 21:57:16 ----A---- C:\Windows\NIRCMD.exe
2010-12-18 21:57:16 ----A---- C:\Windows\MBR.exe
2010-12-18 21:57:16 ----A---- C:\Windows\grep.exe
2010-12-18 21:53:16 ----D---- C:\Qoobox
2010-12-17 22:40:31 ----A---- C:\Windows\system32\tzres.dll
2010-12-17 22:40:21 ----A---- C:\Windows\system32\iertutil.dll
2010-12-17 22:40:18 ----A---- C:\Windows\system32\mstime.dll
2010-12-17 22:40:17 ----A---- C:\Windows\system32\mshtml.dll
2010-12-17 22:40:15 ----A---- C:\Windows\system32\ieframe.dll
2010-12-17 22:40:13 ----A---- C:\Windows\system32\wininet.dll
2010-12-17 22:40:12 ----A---- C:\Windows\system32\urlmon.dll
2010-12-17 22:40:11 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-17 22:40:11 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-17 22:40:10 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-17 22:40:10 ----A---- C:\Windows\system32\ieui.dll
2010-12-17 22:40:10 ----A---- C:\Windows\system32\iepeers.dll
2010-12-17 22:40:09 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-17 22:40:09 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-17 22:40:09 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-17 22:40:09 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-17 22:40:00 ----A---- C:\Windows\system32\taskschd.dll
2010-12-17 22:40:00 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-17 22:39:59 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-17 22:39:59 ----A---- C:\Windows\system32\taskeng.exe
2010-12-17 22:39:59 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-17 22:39:58 ----A---- C:\Windows\system32\schtasks.exe
2010-12-17 22:39:52 ----A---- C:\Windows\system32\atmlib.dll
2010-12-17 22:39:52 ----A---- C:\Windows\system32\atmfd.dll
2010-12-17 22:39:50 ----A---- C:\Windows\system32\webio.dll
2010-12-17 22:39:48 ----A---- C:\Windows\system32\consent.exe
2010-12-17 22:39:47 ----A---- C:\Windows\system32\win32k.sys
2010-12-08 20:08:44 ----RA---- C:\AGTSCRPT.JS_
2010-12-08 20:08:44 ----RA---- C:\agtscrp2.js_
2010-12-08 20:08:44 ----RA---- C:\AGTCORE.JS_
2010-12-08 20:08:37 ----RD---- C:\WINNTUPG
2010-12-08 20:08:35 ----RD---- C:\WIN9XUPG
2010-12-08 20:08:20 ----RD---- C:\WIN9XMIG
2010-12-08 20:08:20 ----RD---- C:\SYSTEM32
2010-12-08 20:08:05 ----RD---- C:\LANG
2010-12-08 20:08:05 ----RD---- C:\DRW
2010-12-08 20:07:54 ----RD---- C:\COMPDATA
2010-12-08 20:07:49 ----RD---- C:\ASMS
2010-12-08 19:47:36 ----D---- C:\Program Files\LSoft Technologies Inc
2010-12-08 18:20:37 ----RASH---- C:\MSDOS.SYS
2010-12-08 18:20:37 ----RASH---- C:\IO.SYS

======List of files/folders modified in the last 1 months======

2011-01-03 14:24:45 ----D---- C:\Program Files\trend micro
2011-01-03 14:23:21 ----D---- C:\Windows\Prefetch
2011-01-03 14:23:11 ----D---- C:\Windows\debug
2011-01-03 14:23:11 ----D---- C:\Windows
2011-01-03 14:21:57 ----D---- C:\Windows\System32
2011-01-03 14:21:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-03 14:21:56 ----D---- C:\Windows\inf
2011-01-03 14:21:21 ----D---- C:\Windows\system32\config
2011-01-01 19:07:17 ----SHD---- C:\System Volume Information
2011-01-01 15:54:26 ----A---- C:\Windows\system.ini
2011-01-01 15:47:04 ----D---- C:\Windows\system32\drivers
2011-01-01 15:47:03 ----D---- C:\Windows\AppPatch
2011-01-01 15:46:56 ----D---- C:\Program Files\Common Files
2011-01-01 15:29:41 ----D---- C:\Program Files\Mozilla Firefox
2010-12-31 16:14:39 ----D---- C:\Users\Karen\AppData\Roaming\Skype
2010-12-31 16:07:56 ----D---- C:\Users\Karen\AppData\Roaming\skypePM
2010-12-20 15:49:01 ----SHD---- C:\Windows\Installer
2010-12-20 15:48:59 ----D---- C:\Windows\system32\Tasks
2010-12-20 15:48:50 ----RD---- C:\Program Files\Skype
2010-12-20 15:48:39 ----D---- C:\ProgramData\Skype
2010-12-18 22:48:34 ----D---- C:\Windows\system32\NDF
2010-12-18 22:38:09 ----D---- C:\Windows\system32\drivers\etc
2010-12-18 18:03:16 ----D---- C:\Windows\winsxs
2010-12-18 17:59:22 ----D---- C:\Windows\system32\migration
2010-12-18 17:59:22 ----D---- C:\Windows\system32\en-US
2010-12-18 17:59:22 ----D---- C:\Program Files\Windows Mail
2010-12-18 17:59:22 ----D---- C:\Program Files\Internet Explorer
2010-12-18 17:41:16 ----D---- C:\Program Files\Microsoft Works
2010-12-18 17:39:07 ----D---- C:\ProgramData\Microsoft Help
2010-12-18 17:38:13 ----D---- C:\Users
2010-12-18 17:37:35 ----D---- C:\Windows\system32\catroot
2010-12-18 17:37:34 ----D---- C:\Windows\system32\catroot2
2010-12-18 17:32:09 ----A---- C:\Windows\system32\MRT.exe
2010-12-08 20:04:20 ----D---- C:\Program Files\Common Files\InstallShield
2010-12-08 19:47:36 ----D---- C:\Program Files
2010-12-08 19:47:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-08 19:02:00 ----D---- C:\ProgramData\Recovery
2010-12-08 18:28:45 ----D---- C:\Users\Karen\AppData\Roaming\Microsoft
2010-12-08 16:23:13 ----D---- C:\ProgramData\CyberLink
2010-12-06 10:48:33 ----D---- C:\Windows\Tasks
2010-12-04 16:02:59 ----D---- C:\Windows\rescache
2010-12-04 15:17:13 ----D---- C:\Users\Karen\AppData\Roaming\Hewlett-Packard

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 330264]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-13 173648]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2010-10-30 2710592]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x86.sys [2009-10-21 57856]
R3 qcfilterhp2k;Gobi 2000 USB Composite Device Filter Driver(03F0-251D); C:\Windows\system32\DRIVERS\qcfilterhp2k.sys [2009-10-01 5248]
R3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D); C:\Windows\system32\DRIVERS\qcusbnethp2k.sys [2009-10-01 201728]
R3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D); C:\Windows\system32\DRIVERS\qcusbserhp2k.sys [2009-10-01 106368]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2009-06-29 408576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-05-27 245936]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-13 53312]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-07-13 1096704]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 catchme;catchme; \??\C:\Users\Karen\AppData\Local\Temp\catchme.sys []
S3 cglptnt;cglptnt; \??\C:\totalcmd\cglptnt.sys [2008-07-29 7888]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-22 39272]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-13 12368]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2007-05-14 22656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-22 174592]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-10-09 84992]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-13 52304]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-13 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-13 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_55e4bd7d7a827098\aestsrv.exe [2009-03-02 81920]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP); C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe [2009-10-01 330488]
R2 SMManager;HP Connection Manager Service; C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe [2009-08-12 82248]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_55e4bd7d7a827098\STacSV.exe [2009-06-29 221266]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-25 136176]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2009-10-15 120832]
S4 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[L.M.]

ComboFix 11-01-03.01 - Karen 03/01/2011 15:02:11.5.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.2.1033.18.1015.385 [GMT -5:00]
Running from: c:\users\Karen\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-12-03 to 2011-01-03 )))))))))))))))))))))))))))))))
.

2011-01-03 19:54 . 2011-01-03 19:54 709456 ----a-w- c:\windows\isRS-000.tmp
2011-01-03 19:29 . 2010-11-10 01:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7AA6B06-48D5-4FCD-9E50-3936CBD4FAA8}\mpengine.dll
2010-12-20 20:48 . 2010-12-20 20:48 -------- d-----w- c:\program files\Common Files\Skype
2010-12-19 03:38 . 2011-01-03 20:37 -------- d-----w- c:\users\Karen\AppData\Local\temp
2010-12-18 22:38 . 2010-12-18 22:38 -------- d-----w- c:\users\Default
2010-12-18 03:39 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-18 03:39 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-18 03:39 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-12-18 03:39 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-12-18 03:39 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-18 03:39 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-18 03:39 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-18 03:39 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-18 03:39 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-09 03:58 . 2010-12-22 04:25 -------- d-----w- c:\users\Karen\AppData\Local\Windows Live
2010-12-09 01:08 . 2010-12-09 01:08 -------- d-----r- C:\WINNTUPG
2010-12-09 01:08 . 2010-12-09 01:08 -------- d-----r- C:\WIN9XUPG
2010-12-09 01:08 . 2010-12-09 01:08 -------- d-----r- C:\WIN9XMIG
2010-12-09 01:08 . 2010-12-09 01:08 -------- d-----r- C:\SYSTEM32
2010-12-09 01:08 . 2010-12-09 01:08 -------- d-----r- C:\LANG
2010-12-09 01:08 . 2010-12-09 01:08 -------- d-----r- C:\DRW
2010-12-09 01:07 . 2010-12-09 01:08 -------- d-----r- C:\COMPDATA
2010-12-09 01:07 . 2010-12-09 01:07 -------- d-----r- C:\ASMS
2010-12-09 00:47 . 2010-12-09 00:47 -------- d-----w- c:\program files\LSoft Technologies Inc
2010-12-08 21:23 . 2010-12-08 21:23 -------- d-----w- c:\users\Public\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-11-26 00:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-11-26 00:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-10 01:33 . 2010-11-28 22:28 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-30 14:09 . 2010-03-09 18:40 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-10-30 14:09 . 2010-03-09 18:40 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-10-30 14:09 . 2010-03-09 18:40 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
2010-10-30 14:09 . 2010-03-09 18:40 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
2010-10-30 14:09 . 2010-03-09 18:40 2710592 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2010-10-19 20:51 . 2010-04-23 20:12 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Connection Manager.exe"="c:\program files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe" [2009-08-13 1117000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Connection Manager.exe]
2009-08-13 02:09 1117000 ----a-w- c:\program files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-26 136176]
R3 cglptnt;cglptnt;c:\totalcmd\cglptnt.sys [2008-07-29 7888]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 174592]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_55e4bd7d7a827098\aestsrv.exe [2009-03-02 81920]
S2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files\QUALCOMM\QDLService2k\QDLService2kHP.exe [2009-10-01 330488]
S2 SMManager;HP Connection Manager Service;c:\program files\Hewlett-Packard\HP Connection Manager\SMManager.exe [2009-08-13 82248]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-10-22 57856]
S3 qcfilterhp2k;Gobi 2000 USB Composite Device Filter Driver(03F0-251D);c:\windows\system32\DRIVERS\qcfilterhp2k.sys [2009-10-01 5248]
S3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\DRIVERS\qcusbnethp2k.sys [2009-10-01 201728]
S3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\DRIVERS\qcusbserhp2k.sys [2009-10-01 106368]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder

2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-26 00:31]

2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-26 00:31]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\jwsatd3d.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - c:\program files\PriceGong\2.1.0\FF
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{9BB815EB-3F9F-4E11-9150-CB70E29B40FC} - (no file)
AddRemove-HijackThis - e:\hijackthis\HijackThis.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-03 15:41:54
ComboFix-quarantined-files.txt 2011-01-03 20:41

Pre-Run: 120,881,491,968 bytes free
Post-Run: 120,877,797,376 bytes free

- - End Of File - - 647E205F539A5982D288859711CB5692

[Rudy]

Skoro nic infikovaného tam nemáte. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\windows\isRS-000.tmp

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkaz ze skriptu.

[L.M.]

ComboFix 11-01-03.01 - Karen 03/01/2011 16:40:38.6.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.2.1033.18.1015.511 [GMT -5:00]
Running from: c:\users\Karen\Desktop\ComboFix.exe
Command switches used :: c:\users\Karen\Desktop\CFScript.txt..txt
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

file zipped: c:\windows\isRS-000.tmp
.

((((((((((((((((((((((((( Files Created from 2010-12-03 to 2011-01-03 )))))))))))))))))))))))))))))))
.

2011-01-03 19:54 . 2011-01-03 21:40 709456 ----a-w- c:\windows\isRS-000.tmp
2011-01-03 19:29 . 2010-11-10 01:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7AA6B06-48D5-4FCD-9E50-3936CBD4FAA8}\mpengine.dll
2010-12-20 20:48 . 2010-12-20 20:48 -------- d-----w- c:\program files\Common Files\Skype
2010-12-19 03:38 . 2011-01-03 21:55 -------- d-----w- c:\users\Karen\AppData\Local\temp
2010-12-18 22:38 . 2010-12-18 22:38 -------- d-----w- c:\users\Default
2010-12-18 03:39 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-18 03:39 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-18 03:39 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-12-18 03:39 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-12-18 03:39 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-18 03:39 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-18 03:39 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-18 03:39 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-18 03:39 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-09 03:58 . 2010-12-22 04:25 -------- d-----w- c:\users\Karen\AppData\Local\Windows Live
2010-12-09 01:08 . 2010-12-09 01:08 -------- d-----r- C:\WINNTUPG
2010-12-09 01:08 . 2010-12-09 01:08 -------- d-----r- C:\WIN9XUPG
2010-12-09 01:08 . 2010-12-09 01:08 -------- d-----r- C:\WIN9XMIG
2010-12-09 01:08 . 2010-12-09 01:08 -------- d-----r- C:\SYSTEM32
2010-12-09 01:08 . 2010-12-09 01:08 -------- d-----r- C:\LANG
2010-12-09 01:08 . 2010-12-09 01:08 -------- d-----r- C:\DRW
2010-12-09 01:07 . 2010-12-09 01:08 -------- d-----r- C:\COMPDATA
2010-12-09 01:07 . 2010-12-09 01:07 -------- d-----r- C:\ASMS
2010-12-09 00:47 . 2010-12-09 00:47 -------- d-----w- c:\program files\LSoft Technologies Inc
2010-12-08 21:23 . 2010-12-08 21:23 -------- d-----w- c:\users\Public\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-11-26 00:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-11-26 00:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-10 01:33 . 2010-11-28 22:28 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-30 14:09 . 2010-03-09 18:40 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-10-30 14:09 . 2010-03-09 18:40 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-10-30 14:09 . 2010-03-09 18:40 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
2010-10-30 14:09 . 2010-03-09 18:40 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
2010-10-30 14:09 . 2010-03-09 18:40 2710592 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2010-10-19 20:51 . 2010-04-23 20:12 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Connection Manager.exe"="c:\program files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe" [2009-08-13 1117000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Connection Manager.exe]
2009-08-13 02:09 1117000 ----a-w- c:\program files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-26 136176]
R3 cglptnt;cglptnt;c:\totalcmd\cglptnt.sys [2008-07-29 7888]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 174592]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_55e4bd7d7a827098\aestsrv.exe [2009-03-02 81920]
S2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files\QUALCOMM\QDLService2k\QDLService2kHP.exe [2009-10-01 330488]
S2 SMManager;HP Connection Manager Service;c:\program files\Hewlett-Packard\HP Connection Manager\SMManager.exe [2009-08-13 82248]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-10-22 57856]
S3 qcfilterhp2k;Gobi 2000 USB Composite Device Filter Driver(03F0-251D);c:\windows\system32\DRIVERS\qcfilterhp2k.sys [2009-10-01 5248]
S3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\DRIVERS\qcusbnethp2k.sys [2009-10-01 201728]
S3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\DRIVERS\qcusbserhp2k.sys [2009-10-01 106368]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - CFCATCHME
*Deregistered* - CFcatchme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder

2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-26 00:31]

2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-26 00:31]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\jwsatd3d.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - c:\program files\PriceGong\2.1.0\FF
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2088)
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\igfxrENU.lrc
.
Completion time: 2011-01-03 16:59:41
ComboFix-quarantined-files.txt 2011-01-03 21:59
ComboFix2.txt 2011-01-03 20:41

Pre-Run: 120,786,411,520 bytes free
Post-Run: 120,504,594,432 bytes free

- - End Of File - - 6BCA99747BE42D0E96E7F6ADAE8AA2C0

[Rudy]

Soubor se po restartu obnovil. Zkuste Avenger se skriptem:

Files to delete:
c:\windows\isRS-000.tmp

[L.M.]

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\windows\isRS-000.tmp" not found!
Deletion of file "c:\windows\isRS-000.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

[Rudy]

Zkuste se podívat do adresáře C:\windows a zjhistit, zda tam ten soubor je. Avenger hlásí, že ho nenašel.

[L.M.]

no nemuzu ho tam najit tak tam uz asi neni jeste radeji pridavam log

Logfile of random's system information tool 1.08 (written by random/random)
Run by Karen at 2011-01-05 13:26:48
Microsoft Windows 7 Starter
System drive C: has 115 GB (81%) free of 141 GB
Total RAM: 1015 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:27:22 PM, on 05/01/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Karen\Desktop\RSIT.exe
C:\Program Files\trend micro\Karen.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [HP Connection Manager.exe] "C:\Program Files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe"
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_55e4bd7d7a827098\aestsrv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Qualcomm Gobi 2000 Download Service (HP) (QDLService2kHP) - QUALCOMM, Inc. - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe
O23 - Service: HP Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_55e4bd7d7a827098\STacSV.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 2394 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Connection Manager.exe"=C:\Program Files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe [2009-08-12 1117000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Connection Manager.exe]
C:\Program Files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe [2009-08-12 1117000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-13 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=181
"NoDriveAutoRun"=0xE0FFFF03

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-01-05 12:47:57 ----D---- C:\Avenger
2011-01-05 12:47:56 ----A---- C:\avenger.txt
2011-01-05 12:38:35 ----D---- C:\32788R22FWJFW
2011-01-05 12:25:02 ----D---- C:\Windows\temp
2011-01-05 12:25:00 ----A---- C:\ComboFix.txt
2011-01-05 12:23:35 ----SHD---- C:\$RECYCLE.BIN
2011-01-05 12:03:00 ----A---- C:\Windows\SWXCACLS.exe
2010-12-20 15:48:50 ----D---- C:\Program Files\Common Files\Skype
2010-12-18 21:57:16 ----A---- C:\Windows\zip.exe
2010-12-18 21:57:16 ----A---- C:\Windows\SWSC.exe
2010-12-18 21:57:16 ----A---- C:\Windows\SWREG.exe
2010-12-18 21:57:16 ----A---- C:\Windows\sed.exe
2010-12-18 21:57:16 ----A---- C:\Windows\PEV.exe
2010-12-18 21:57:16 ----A---- C:\Windows\NIRCMD.exe
2010-12-18 21:57:16 ----A---- C:\Windows\MBR.exe
2010-12-18 21:57:16 ----A---- C:\Windows\grep.exe
2010-12-18 21:53:16 ----D---- C:\Qoobox
2010-12-17 22:40:31 ----A---- C:\Windows\system32\tzres.dll
2010-12-17 22:40:21 ----A---- C:\Windows\system32\iertutil.dll
2010-12-17 22:40:18 ----A---- C:\Windows\system32\mstime.dll
2010-12-17 22:40:17 ----A---- C:\Windows\system32\mshtml.dll
2010-12-17 22:40:15 ----A---- C:\Windows\system32\ieframe.dll
2010-12-17 22:40:13 ----A---- C:\Windows\system32\wininet.dll
2010-12-17 22:40:12 ----A---- C:\Windows\system32\urlmon.dll
2010-12-17 22:40:11 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-17 22:40:11 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-17 22:40:10 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-17 22:40:10 ----A---- C:\Windows\system32\ieui.dll
2010-12-17 22:40:10 ----A---- C:\Windows\system32\iepeers.dll
2010-12-17 22:40:09 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-17 22:40:09 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-17 22:40:09 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-17 22:40:09 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-17 22:40:00 ----A---- C:\Windows\system32\taskschd.dll
2010-12-17 22:40:00 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-17 22:39:59 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-17 22:39:59 ----A---- C:\Windows\system32\taskeng.exe
2010-12-17 22:39:59 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-17 22:39:58 ----A---- C:\Windows\system32\schtasks.exe
2010-12-17 22:39:52 ----A---- C:\Windows\system32\atmlib.dll
2010-12-17 22:39:52 ----A---- C:\Windows\system32\atmfd.dll
2010-12-17 22:39:50 ----A---- C:\Windows\system32\webio.dll
2010-12-17 22:39:48 ----A---- C:\Windows\system32\consent.exe
2010-12-17 22:39:47 ----A---- C:\Windows\system32\win32k.sys
2010-12-08 20:08:44 ----RA---- C:\AGTSCRPT.JS_
2010-12-08 20:08:44 ----RA---- C:\agtscrp2.js_
2010-12-08 20:08:44 ----RA---- C:\AGTCORE.JS_
2010-12-08 20:08:37 ----RD---- C:\WINNTUPG
2010-12-08 20:08:35 ----RD---- C:\WIN9XUPG
2010-12-08 20:08:20 ----RD---- C:\WIN9XMIG
2010-12-08 20:08:20 ----RD---- C:\SYSTEM32
2010-12-08 20:08:05 ----RD---- C:\LANG
2010-12-08 20:08:05 ----RD---- C:\DRW
2010-12-08 20:07:54 ----RD---- C:\COMPDATA
2010-12-08 20:07:49 ----RD---- C:\ASMS
2010-12-08 19:47:36 ----D---- C:\Program Files\LSoft Technologies Inc
2010-12-08 18:20:37 ----RASH---- C:\MSDOS.SYS
2010-12-08 18:20:37 ----RASH---- C:\IO.SYS

======List of files/folders modified in the last 1 months======

2011-01-05 13:26:59 ----D---- C:\Windows\Prefetch
2011-01-05 13:26:51 ----D---- C:\Program Files\trend micro
2011-01-05 12:52:44 ----D---- C:\Windows\System32
2011-01-05 12:52:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-05 12:52:43 ----D---- C:\Windows\inf
2011-01-05 12:47:57 ----D---- C:\Program Files
2011-01-05 12:47:56 ----D---- C:\Windows\system32\drivers
2011-01-05 12:47:13 ----D---- C:\Windows\system32\config
2011-01-05 12:25:02 ----D---- C:\Windows
2011-01-05 12:19:35 ----A---- C:\Windows\system.ini
2011-01-05 12:19:17 ----D---- C:\Windows\ERDNT
2011-01-05 12:19:14 ----D---- C:\Windows\system32\drivers\etc
2011-01-05 12:12:00 ----D---- C:\Windows\AppPatch
2011-01-05 12:11:57 ----D---- C:\Program Files\Common Files
2011-01-04 21:28:45 ----SHD---- C:\System Volume Information
2011-01-03 21:11:48 ----D---- C:\Users\Karen\AppData\Roaming\Skype
2011-01-03 21:11:27 ----D---- C:\Program Files\Mozilla Firefox
2011-01-03 21:10:56 ----D---- C:\Users\Karen\AppData\Roaming\skypePM
2011-01-03 18:03:16 ----D---- C:\Windows\rescache
2011-01-03 14:55:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-01-03 14:23:11 ----D---- C:\Windows\debug
2010-12-20 15:49:01 ----SHD---- C:\Windows\Installer
2010-12-20 15:48:59 ----D---- C:\Windows\system32\Tasks
2010-12-20 15:48:50 ----RD---- C:\Program Files\Skype
2010-12-20 15:48:39 ----D---- C:\ProgramData\Skype
2010-12-18 22:48:34 ----D---- C:\Windows\system32\NDF
2010-12-18 18:03:16 ----D---- C:\Windows\winsxs
2010-12-18 17:59:22 ----D---- C:\Windows\system32\migration
2010-12-18 17:59:22 ----D---- C:\Windows\system32\en-US
2010-12-18 17:59:22 ----D---- C:\Program Files\Windows Mail
2010-12-18 17:59:22 ----D---- C:\Program Files\Internet Explorer
2010-12-18 17:41:16 ----D---- C:\Program Files\Microsoft Works
2010-12-18 17:39:07 ----D---- C:\ProgramData\Microsoft Help
2010-12-18 17:38:13 ----D---- C:\Users
2010-12-18 17:37:35 ----D---- C:\Windows\system32\catroot
2010-12-18 17:37:34 ----D---- C:\Windows\system32\catroot2
2010-12-18 17:32:09 ----A---- C:\Windows\system32\MRT.exe
2010-12-08 20:04:20 ----D---- C:\Program Files\Common Files\InstallShield
2010-12-08 19:47:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-08 19:02:00 ----D---- C:\ProgramData\Recovery
2010-12-08 18:28:45 ----D---- C:\Users\Karen\AppData\Roaming\Microsoft
2010-12-08 16:23:13 ----D---- C:\ProgramData\CyberLink
2010-12-06 10:48:33 ----D---- C:\Windows\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 330264]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-13 173648]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2010-10-30 2710592]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x86.sys [2009-10-21 57856]
R3 qcfilterhp2k;Gobi 2000 USB Composite Device Filter Driver(03F0-251D); C:\Windows\system32\DRIVERS\qcfilterhp2k.sys [2009-10-01 5248]
R3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D); C:\Windows\system32\DRIVERS\qcusbnethp2k.sys [2009-10-01 201728]
R3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D); C:\Windows\system32\DRIVERS\qcusbserhp2k.sys [2009-10-01 106368]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2009-06-29 408576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-05-27 245936]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-13 53312]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-07-13 1096704]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 catchme;catchme; \??\C:\Users\Karen\AppData\Local\Temp\catchme.sys []
S3 CFcatchme;CFcatchme; \??\C:\Users\Karen\AppData\Local\Temp\CFcatchme.sys []
S3 cglptnt;cglptnt; \??\C:\totalcmd\cglptnt.sys [2008-07-29 7888]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-22 39272]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-13 12368]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2007-05-14 22656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-22 174592]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-10-09 84992]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-13 52304]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-13 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-13 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_55e4bd7d7a827098\aestsrv.exe [2009-03-02 81920]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP); C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe [2009-10-01 330488]
R2 SMManager;HP Connection Manager Service; C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe [2009-08-12 82248]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_55e4bd7d7a827098\STacSV.exe [2009-06-29 221266]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-25 136176]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2009-10-15 120832]
S4 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------

[Rudy]

Log již vypadá čistý.

[L.M.]

OK díky moc

[Rudy]

Nemáte zač!