mrznutie pc

[x-an]

niekedy sa mi stava ze mi mrzne pocitac, scerna obrazovka a sekne sa zvuk, jedine co potom pomaha je reset (sem tam ani ten nie, musim ho vypnut a znova zapnut)
snazil som sa prist na to kedy to mrzne, ale akosi som nenasiel nic co by mohlo byt pricinou, sem tam mi zamrzne niekolko krat do dna a inokedy zasa bezi par dni bez problemov
bojim sa ze by to mohlo byt nieco s hardwerom, ale nemam ani tusenie ako to zistit

[Rudy]

Začneme tím, že vyloučíme viry. Dejte log z RSIT: http://viry.cz/forum/viewtopic.php?f=24&t=81939 .

[x-an]

Logfile of random's system information tool 1.08 (written by random/random)
Run by mmm at 2011-01-21 14:59:57
Microsoft Windows 7 Ultimate
System drive C: has 26 GB (53%) free of 50 GB
Total RAM: 3839 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:59:59, on 21. 1. 2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Winamp\winamp.exe
D:\Miranda IM\miranda32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\mmm.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7218 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
taskhost.exe USER
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
KHALMNPR.EXE /API
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE"
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Winamp\winamp.exe"
"D:\Miranda IM\miranda32.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=1228.8a661a0.1176019673 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" 1228 plugin \\.\pipe\gecko-crash-server-pipe.1228
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\mmm\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL [2011-01-03 54704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL [2011-01-03 796176]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL [2011-01-03 796176]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-11-15 11474024]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2010-10-29 1680976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"MyWebSearch Email Plugin"=C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe [2011-01-03 32849]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"NPSStartup"= []
"My Web Search Bar Search Scope Monitor"=C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe [2011-01-03 28783]
"MyWebSearch Email Plugin"=C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe [2011-01-03 32849]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2010-10-28 66640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-01-20 13:47:20 ----D---- C:\rsit
2011-01-20 13:47:20 ----D---- C:\Program Files\trend micro
2011-01-03 23:21:28 ----D---- C:\Program Files (x86)\MyWebSearch
2011-01-03 23:21:18 ----D---- C:\Program Files (x86)\FunWebProducts
2010-12-23 16:42:08 ----D---- C:\Windows\SYSWOW64\Adobe
2010-12-22 08:58:57 ----D---- C:\Users\mmm\AppData\Roaming\GHISLER
2010-12-22 08:58:57 ----D---- C:\totalcmd
2010-12-22 08:58:57 ----A---- C:\Windows\UC.PIF
2010-12-22 08:58:57 ----A---- C:\Windows\RAR.PIF
2010-12-22 08:58:57 ----A---- C:\Windows\PKZIP.PIF
2010-12-22 08:58:57 ----A---- C:\Windows\PKUNZIP.PIF
2010-12-22 08:58:57 ----A---- C:\Windows\NOCLOSE.PIF
2010-12-22 08:58:57 ----A---- C:\Windows\LHA.PIF
2010-12-22 08:58:57 ----A---- C:\Windows\ARJ.PIF

======List of files/folders modified in the last 1 months======

2011-01-21 14:59:58 ----D---- C:\Windows\Temp
2011-01-21 13:11:38 ----D---- C:\Windows\Prefetch
2011-01-21 12:51:21 ----D---- C:\Windows\System32
2011-01-21 12:51:21 ----D---- C:\Windows\inf
2011-01-21 12:51:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-20 22:31:01 ----D---- C:\Users\mmm\AppData\Roaming\Skype
2011-01-20 21:12:27 ----D---- C:\Users\mmm\AppData\Roaming\skypePM
2011-01-20 17:14:26 ----D---- C:\Users\mmm\AppData\Roaming\uTorrent
2011-01-20 13:47:20 ----RD---- C:\Program Files
2011-01-19 20:00:25 ----SD---- C:\Users\mmm\AppData\Roaming\Microsoft
2011-01-16 19:12:10 ----D---- C:\Windows\system32\config
2011-01-16 19:00:17 ----SHD---- C:\System Volume Information
2011-01-14 18:40:19 ----D---- C:\Users\mmm\AppData\Roaming\ApexDC++
2011-01-09 16:28:56 ----D---- C:\Windows\system32\catroot2
2011-01-05 17:30:30 ----SHD---- C:\Windows\Installer
2011-01-03 23:21:29 ----D---- C:\Windows\SysWOW64
2011-01-03 23:21:28 ----RD---- C:\Program Files (x86)
2011-01-03 21:33:58 ----D---- C:\Windows\system32\drivers
2010-12-23 16:46:02 ----D---- C:\Windows

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-11-15 834544]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 28752]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 121936]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 51280]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 20048]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-13 5020672]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-11-15 2511464]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2010-08-24 63568]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2010-08-24 57936]
R3 msloop;Microsoft Loopback Adapter Driver; C:\Windows\system32\DRIVERS\loop.sys [2009-07-14 7680]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 a0xsqtkp;a0xsqtkp; C:\Windows\system32\drivers\a0xsqtkp.sys []
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2010-07-26 20568]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys [2007-04-03 108296]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s116mdfl.sys [2007-04-03 19720]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s116mdm.sys [2007-04-03 144648]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s116mgmt.sys [2007-04-03 126216]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\Windows\system32\DRIVERS\s116nd5.sys [2007-04-03 31496]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s116obex.sys [2007-04-03 123656]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\Windows\system32\DRIVERS\s116unic.sys [2007-04-03 130824]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x64\Sandra.sys [2009-08-07 23112]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ssm_bus.sys [2010-03-25 136192]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\Windows\system32\DRIVERS\ssm_mdfl.sys [2010-03-25 18944]
S3 ssm_mdm;SAMSUNG Mobile USB Port II 1.0 Drivers; C:\Windows\system32\DRIVERS\ssm_mdm.sys [2010-03-25 172032]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-07-26 16392]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MyWebSearchService;My Web Search Service; C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe [2011-01-03 28762]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-10-28 357456]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [2009-08-17 93848]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

[Rudy]

Přinejmenším máte v PC AdWare. Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[x-an]

ComboFix 11-01-20.04 - mmm . 01. 2011 18:14:14.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3839.2802 [GMT 1:00]
Running from: c:\users\mmm\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\progra~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
c:\program files (x86)\FunWebProducts
c:\program files (x86)\MyWebSearch
c:\program files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files (x86)\MyWebSearch\bar\1.bin\F3CJpeg.dll
c:\program files (x86)\MyWebSearch\bar\1.bin\F3DTactl.dll
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTtpct.dll
c:\program files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCrctr.dll
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3HTml.dll
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\CHESS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files (x86)\MyWebSearch\bar\icons\CM.ICO
c:\program files (x86)\MyWebSearch\bar\icons\MFC.ICO
c:\program files (x86)\MyWebSearch\bar\icons\PSS.ICO
c:\program files (x86)\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files (x86)\MyWebSearch\bar\icons\WB.ICO
c:\program files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files (x86)\MyWebSearch\bar\Message\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\system32\f3PSSavr.scr
c:\windows\SysWow64\f3PSSavr.scr
c:\windows\SysWow64\lsprst7.dll
c:\windows\SysWow64\prsgrc.dll
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MaJUtilLib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCaller.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\MetaStore2.dll
c:\windows\SysWow64\system32\Microsoft.Synchronization.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
c:\windows\SysWow64\system32\Synchronization2.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2010-12-21 to 2011-01-21 )))))))))))))))))))))))))))))))
.

2011-01-21 17:18 . 2011-01-21 17:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-21 17:11 . 2011-01-21 17:12 -------- d-----w- C:\32788R22FWJFW
2011-01-20 12:47 . 2011-01-21 13:59 -------- d-----w- c:\program files\trend micro
2011-01-20 12:47 . 2011-01-20 12:47 -------- d-----w- C:\rsit
2010-12-23 15:42 . 2010-12-23 15:42 -------- d-----w- c:\windows\SysWow64\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-15 17:23 . 2010-12-15 14:51 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-12-17 06:56 . 2010-12-22 07:58 545 ----a-w- c:\windows\UC.PIF
2010-12-17 06:56 . 2010-12-22 07:58 545 ----a-w- c:\windows\RAR.PIF
2010-12-17 06:56 . 2010-12-22 07:58 545 ----a-w- c:\windows\PKZIP.PIF
2010-12-17 06:56 . 2010-12-22 07:58 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-12-17 06:56 . 2010-12-22 07:58 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-12-17 06:56 . 2010-12-22 07:58 545 ----a-w- c:\windows\LHA.PIF
2010-12-17 06:56 . 2010-12-22 07:58 545 ----a-w- c:\windows\ARJ.PIF
2010-12-15 14:51 . 2010-12-15 14:51 53248 ----a-r- c:\users\mmm\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-12-13 10:24 . 2010-12-13 10:24 3024 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2010-12-11 10:45 . 2010-12-11 10:07 2829 ----a-w- c:\windows\War3Unin.pif
2010-12-11 10:45 . 2010-12-11 10:07 139264 ----a-w- c:\windows\War3Unin.exe
2010-11-15 17:26 . 2010-11-15 17:26 5222 ----a-w- c:\programdata\xml5A7E.tmp
2010-11-15 17:26 . 2010-11-15 17:26 2263 ----a-w- c:\programdata\xml5B8A.tmp
2010-11-15 17:26 . 2010-11-15 17:26 13489 ----a-w- c:\programdata\xml5B3B.tmp
2010-11-15 14:26 . 2010-11-15 14:27 2601816 ----a-w- c:\windows\system32\WavesGUILib.dll
2010-11-15 14:26 . 2010-11-15 14:27 518896 ----a-w- c:\windows\system32\SRSTSX64.dll
2010-11-15 14:26 . 2010-11-15 14:27 211184 ----a-w- c:\windows\system32\SRSTSH64.dll
2010-11-15 14:26 . 2010-11-15 14:27 198896 ----a-w- c:\windows\system32\SRSHP64.dll
2010-11-15 14:26 . 2010-11-15 14:27 155888 ----a-w- c:\windows\system32\SRSWOW64.dll
2010-11-15 14:26 . 2010-11-15 14:27 120208 ----a-w- c:\windows\system32\SFSS_APO.dll
2010-11-15 14:26 . 2010-11-15 14:27 81232 ----a-w- c:\windows\system32\SFCOM64.dll
2010-11-15 14:26 . 2010-11-15 14:27 78160 ----a-w- c:\windows\system32\SFAPO64.dll
2010-11-15 14:26 . 2010-11-15 14:27 74064 ----a-w- c:\windows\SysWow64\SFCOM.dll
2010-11-15 14:26 . 2010-11-15 14:27 220496 ----a-w- c:\windows\system32\SFNHK64.dll
2010-11-15 14:26 . 2010-11-15 14:27 1146984 ----a-w- c:\windows\system32\RTSnMg64.cpl
2010-11-15 14:26 . 2010-11-15 14:27 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2010-11-15 14:26 . 2010-11-15 14:27 2048104 ----a-w- c:\windows\system32\RtPgEx64.dll
2010-11-15 14:26 . 2010-11-15 14:27 2511464 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2010-11-15 14:26 . 2010-11-15 14:27 2625640 ----a-w- c:\windows\system32\RtkAPO64.dll
2010-11-15 14:26 . 2010-11-15 14:27 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2010-11-15 14:26 . 2010-11-15 14:27 99016 ----a-w- c:\windows\system32\RTEEL64A.dll
2010-11-15 14:26 . 2010-11-15 14:27 76488 ----a-w- c:\windows\system32\RTEEG64A.dll
2010-11-15 14:26 . 2010-11-15 14:27 601704 ----a-w- c:\windows\system32\RtkApi64.dll
2010-11-15 14:26 . 2010-11-15 14:27 372936 ----a-w- c:\windows\system32\RTEEP64A.dll
2010-11-15 14:26 . 2010-11-15 14:27 201928 ----a-w- c:\windows\system32\RTEED64A.dll
2010-11-15 14:26 . 2010-11-15 14:27 1215592 ----a-w- c:\windows\system32\RTCOM64.dll
2010-11-15 14:26 . 2010-11-15 14:27 79976 ----a-w- c:\windows\system32\RCoInst64.dll
2010-11-15 14:26 . 2010-11-15 14:27 477800 ----a-w- c:\windows\system32\RCoRes64.dat
2010-11-15 14:26 . 2010-11-15 14:27 307920 ----a-w- c:\windows\system32\RP3DHT64.dll
2010-11-15 14:26 . 2010-11-15 14:27 307920 ----a-w- c:\windows\system32\RP3DAA64.dll
2010-11-15 14:26 . 2010-11-15 14:27 334680 ----a-w- c:\windows\system32\MaxxVolumeSDAPO.dll
2010-11-15 14:26 . 2010-11-15 14:27 2197264 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
2010-11-15 14:26 . 2010-11-15 14:27 1756160 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
2010-11-15 14:26 . 2010-11-15 14:27 334848 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll
2010-11-15 14:26 . 2010-11-15 14:27 318808 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2010-11-15 14:26 . 2010-11-15 14:27 474336 ----a-w- c:\windows\system32\DTSVoiceClarityDLL64.dll
2010-11-15 14:26 . 2010-11-15 14:27 338336 ----a-w- c:\windows\system32\FMAPO64.dll
2010-11-15 14:26 . 2010-11-15 14:27 489696 ----a-w- c:\windows\system32\DTSSymmetryDLL64.dll
2010-11-15 14:26 . 2010-11-15 14:27 315616 ----a-w- c:\windows\system32\DTSNeoPCDLL64.dll
2010-11-15 14:26 . 2010-11-15 14:27 268512 ----a-w- c:\windows\system32\DTSLimiterDLL64.dll
2010-11-15 14:26 . 2010-11-15 14:27 265440 ----a-w- c:\windows\system32\DTSGainCompensatorDLL64.dll
2010-11-15 14:26 . 2010-11-15 14:27 1325792 ----a-w- c:\windows\system32\DTSS2SpeakerDLL64.dll
2010-11-15 14:26 . 2010-11-15 14:27 124640 ----a-w- c:\windows\system32\DTSLFXAPO64.dll
2010-11-15 14:26 . 2010-11-15 14:27 124128 ----a-w- c:\windows\system32\DTSGFXAPO64.dll
2010-11-15 14:26 . 2010-11-15 14:27 123616 ----a-w- c:\windows\system32\DTSGFXAPONS64.dll
2010-11-15 14:26 . 2010-11-15 14:27 1178336 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL64.dll
2010-11-15 14:26 . 2010-11-15 14:27 503520 ----a-w- c:\windows\system32\DTSBassEnhancementDLL64.dll
2010-11-15 14:26 . 2010-11-15 14:27 1110240 ----a-w- c:\windows\system32\DTSBoostDLL64.dll
2010-11-15 14:26 . 2010-11-15 14:27 200800 ----a-w- c:\windows\system32\AERTAC64.dll
2010-11-15 14:26 . 2010-11-15 14:27 108960 ----a-w- c:\windows\system32\AERTAR64.dll
2010-11-15 14:26 . 2010-11-15 14:27 1251944 ----a-w- c:\windows\RtlExUpd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-07-26 20568]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [2009-08-17 93848]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-07-26 16392]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-15 834544]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]

.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF10700.cfxxe" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-15 11474024]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.sk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\mmm\AppData\Roaming\Mozilla\Firefox\Profiles\wlg53pct.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKLM-Run-NPSStartup - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
.
**************************************************************************
.
Completion time: 2011-01-21 18:26:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-21 17:26

Pre-Run: 29 391 650 816 bytes free
Post-Run: 30 348 955 648 bytes free

- - End Of File - - 4E851566BD457297EF8FA24EC5C697DE

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\programdata\xml5A7E.tmp
c:\programdata\xml5B8A.tmp
c:\programdata\xml5B3B.tmp

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[x-an]

ComboFix 11-01-20.04 - mmm . 01. 2011 20:01:26.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3839.3016 [GMT 1:00]
Running from: c:\users\mmm\Desktop\ComboFix.exe
Command switches used :: c:\users\mmm\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-12-21 to 2011-01-21 )))))))))))))))))))))))))))))))
.

2011-01-21 19:05 . 2011-01-21 19:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-20 12:47 . 2011-01-21 13:59 -------- d-----w- c:\program files\trend micro
2011-01-20 12:47 . 2011-01-20 12:47 -------- d-----w- C:\rsit
2010-12-23 15:42 . 2010-12-23 15:42 -------- d-----w- c:\windows\SysWow64\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-15 17:23 . 2010-12-15 14:51 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-12-17 06:56 . 2010-12-22 07:58 545 ----a-w- c:\windows\UC.PIF
2010-12-17 06:56 . 2010-12-22 07:58 545 ----a-w- c:\windows\RAR.PIF
2010-12-17 06:56 . 2010-12-22 07:58 545 ----a-w- c:\windows\PKZIP.PIF
2010-12-17 06:56 . 2010-12-22 07:58 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-12-17 06:56 . 2010-12-22 07:58 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-12-17 06:56 . 2010-12-22 07:58 545 ----a-w- c:\windows\LHA.PIF
2010-12-17 06:56 . 2010-12-22 07:58 545 ----a-w- c:\windows\ARJ.PIF
2010-12-15 14:51 . 2010-12-15 14:51 53248 ----a-r- c:\users\mmm\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-12-13 10:24 . 2010-12-13 10:24 3024 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2010-12-11 10:45 . 2010-12-11 10:07 2829 ----a-w- c:\windows\War3Unin.pif
2010-12-11 10:45 . 2010-12-11 10:07 139264 ----a-w- c:\windows\War3Unin.exe
2010-11-15 17:26 . 2010-11-15 17:26 5222 ----a-w- c:\programdata\xml5A7E.tmp
2010-11-15 17:26 . 2010-11-15 17:26 2263 ----a-w- c:\programdata\xml5B8A.tmp
2010-11-15 17:26 . 2010-11-15 17:26 13489 ----a-w- c:\programdata\xml5B3B.tmp
2010-11-15 14:26 . 2010-11-15 14:27 2601816 ----a-w- c:\windows\system32\WavesGUILib.dll
2010-11-15 14:26 . 2010-11-15 14:27 518896 ----a-w- c:\windows\system32\SRSTSX64.dll
2010-11-15 14:26 . 2010-11-15 14:27 211184 ----a-w- c:\windows\system32\SRSTSH64.dll
2010-11-15 14:26 . 2010-11-15 14:27 198896 ----a-w- c:\windows\system32\SRSHP64.dll
2010-11-15 14:26 . 2010-11-15 14:27 155888 ----a-w- c:\windows\system32\SRSWOW64.dll
2010-11-15 14:26 . 2010-11-15 14:27 120208 ----a-w- c:\windows\system32\SFSS_APO.dll
2010-11-15 14:26 . 2010-11-15 14:27 81232 ----a-w- c:\windows\system32\SFCOM64.dll
2010-11-15 14:26 . 2010-11-15 14:27 78160 ----a-w- c:\windows\system32\SFAPO64.dll
2010-11-15 14:26 . 2010-11-15 14:27 74064 ----a-w- c:\windows\SysWow64\SFCOM.dll
2010-11-15 14:26 . 2010-11-15 14:27 220496 ----a-w- c:\windows\system32\SFNHK64.dll
2010-11-15 14:26 . 2010-11-15 14:27 1146984 ----a-w- c:\windows\system32\RTSnMg64.cpl
2010-11-15 14:26 . 2010-11-15 14:27 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2010-11-15 14:26 . 2010-11-15 14:27 2048104 ----a-w- c:\windows\system32\RtPgEx64.dll
2010-11-15 14:26 . 2010-11-15 14:27 2511464 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2010-11-15 14:26 . 2010-11-15 14:27 2625640 ----a-w- c:\windows\system32\RtkAPO64.dll
2010-11-15 14:26 . 2010-11-15 14:27 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2010-11-15 14:26 . 2010-11-15 14:27 99016 ----a-w- c:\windows\system32\RTEEL64A.dll
2010-11-15 14:26 . 2010-11-15 14:27 76488 ----a-w- c:\windows\system32\RTEEG64A.dll
2010-11-15 14:26 . 2010-11-15 14:27 601704 ----a-w- c:\windows\system32\RtkApi64.dll
2010-11-15 14:26 . 2010-11-15 14:27 372936 ----a-w- c:\windows\system32\RTEEP64A.dll
2010-11-15 14:26 . 2010-11-15 14:27 201928 ----a-w- c:\windows\system32\RTEED64A.dll
2010-11-15 14:26 . 2010-11-15 14:27 1215592 ----a-w- c:\windows\system32\RTCOM64.dll
2010-11-15 14:26 . 2010-11-15 14:27 79976 ----a-w- c:\windows\system32\RCoInst64.dll
2010-11-15 14:26 . 2010-11-15 14:27 477800 ----a-w- c:\windows\system32\RCoRes64.dat
2010-11-15 14:26 . 2010-11-15 14:27 307920 ----a-w- c:\windows\system32\RP3DHT64.dll
2010-11-15 14:26 . 2010-11-15 14:27 307920 ----a-w- c:\windows\system32\RP3DAA64.dll
2010-11-15 14:26 . 2010-11-15 14:27 334680 ----a-w- c:\windows\system32\MaxxVolumeSDAPO.dll
2010-11-15 14:26 . 2010-11-15 14:27 2197264 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
2010-11-15 14:26 . 2010-11-15 14:27 1756160 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
2010-11-15 14:26 . 2010-11-15 14:27 334848 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll
2010-11-15 14:26 . 2010-11-15 14:27 318808 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2010-11-15 14:26 . 2010-11-15 14:27 474336 ----a-w- c:\windows\system32\DTSVoiceClarityDLL64.dll
2010-11-15 14:26 . 2010-11-15 14:27 338336 ----a-w- c:\windows\system32\FMAPO64.dll
2010-11-15 14:26 . 2010-11-15 14:27 489696 ----a-w- c:\windows\system32\DTSSymmetryDLL64.dll
2010-11-15 14:26 . 2010-11-15 14:27 315616 ----a-w- c:\windows\system32\DTSNeoPCDLL64.dll
2010-11-15 14:26 . 2010-11-15 14:27 268512 ----a-w- c:\windows\system32\DTSLimiterDLL64.dll
2010-11-15 14:26 . 2010-11-15 14:27 265440 ----a-w- c:\windows\system32\DTSGainCompensatorDLL64.dll
2010-11-15 14:26 . 2010-11-15 14:27 1325792 ----a-w- c:\windows\system32\DTSS2SpeakerDLL64.dll
2010-11-15 14:26 . 2010-11-15 14:27 124640 ----a-w- c:\windows\system32\DTSLFXAPO64.dll
2010-11-15 14:26 . 2010-11-15 14:27 124128 ----a-w- c:\windows\system32\DTSGFXAPO64.dll
2010-11-15 14:26 . 2010-11-15 14:27 123616 ----a-w- c:\windows\system32\DTSGFXAPONS64.dll
2010-11-15 14:26 . 2010-11-15 14:27 1178336 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL64.dll
2010-11-15 14:26 . 2010-11-15 14:27 503520 ----a-w- c:\windows\system32\DTSBassEnhancementDLL64.dll
2010-11-15 14:26 . 2010-11-15 14:27 1110240 ----a-w- c:\windows\system32\DTSBoostDLL64.dll
2010-11-15 14:26 . 2010-11-15 14:27 200800 ----a-w- c:\windows\system32\AERTAC64.dll
2010-11-15 14:26 . 2010-11-15 14:27 108960 ----a-w- c:\windows\system32\AERTAR64.dll
2010-11-15 14:26 . 2010-11-15 14:27 1251944 ----a-w- c:\windows\RtlExUpd.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-01-21_17.23.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-01-21 17:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-01-21 19:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-01-21 17:23 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-21 19:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-21 19:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-21 17:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-01-21 19:00 32104 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-11-16 16:03 . 2011-01-21 17:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-16 16:03 . 2011-01-21 19:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-16 16:03 . 2011-01-21 19:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-16 16:03 . 2011-01-21 17:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-15 13:05 . 2011-01-21 19:00 7322 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3769186861-768244651-2017040666-1000_UserData.bin
- 2011-01-21 17:23 . 2011-01-21 17:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-01-21 17:23 . 2011-01-21 18:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-01-21 17:23 . 2011-01-21 17:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-21 17:23 . 2011-01-21 18:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-11-16 17:36 . 2011-01-21 18:45 267524 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2011-01-21 16:21 615122 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-01-21 19:03 615122 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-01-21 16:21 103496 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-01-21 19:03 103496 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-07-26 20568]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [2009-08-17 93848]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-07-26 16392]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-15 834544]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]

.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-15 11474024]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.sk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\mmm\AppData\Roaming\Mozilla\Firefox\Profiles\wlg53pct.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-21 20:07:35
ComboFix-quarantined-files.txt 2011-01-21 19:07
ComboFix2.txt 2011-01-21 17:26

Pre-Run: 30 415 351 808 bytes free
Post-Run: 30 130 151 424 bytes free

- - End Of File - - E50986B2C308E1F2C91E990CB77B40AC

[Rudy]

CF soubory nesmazal. Stáhněte a spusťte Avenger: http://www.viry.cz/forum/viewtopic.php?f=11&t=19832 tímto skriptem:

Files to delete:
c:\programdata\xml5A7E.tmp
c:\programdata\xml5B8A.tmp
c:\programdata\xml5B3B.tmp

[x-an]

spustil som avenger presne podla postupu, ale po restarte mi nevyhodi ziaden log

[Rudy]

Zkontrolujte, zda jsou v adresáři c:\programdata soubory přítomny.

[x-an]

su tam

[Rudy]

Zkuste je ručně smazat.

[x-an]

zmazane

[Rudy]

Nyní by již mělo být v PC čisto. Nastala nějaká změna?

[x-an]

zatial nic badatelne, ono ako som uz povedal, pocitac mrzne v dost nepravidelnych intervaloch, dnes zamrzol len raz, ale neviem ci to bolo pred alebo po dokonceni toho cistenia, ci to malo nejaky efekt zistim v podstate az v najblizsich dnoch, no zatial velmi pekne dakujem za pomoc