Vir win32:jeefo

Zpráva

venca1567 · #1 Příspěvek od **venca1567** » 04 úno 2011 14:01

Zdravím, objevim se mi v počítači vir win32:jeefo poté co ho bratr používal. Ještě jsem se s ním nesetkal tak nevím jak postupovat....tady je log

Logfile of random's system information tool 1.08 (written by random/random)
Run by Sawyer at 2011-02-04 13:57:35
Microsoft Windows 7 Ultimate
System drive C: has 10 GB (9%) free of 102 GB
Total RAM: 1023 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:58:15, on 4.2.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Users\Sawyer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sawyer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sawyer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sawyer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sawyer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sawyer\Downloads\RSIT.exe
C:\Program Files\trend micro\Sawyer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Sawyer\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Sawyer\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
O4 - HKLM\..\Run: [GraphicsSwitch] AsusSender.exe C:\Program Files\ASUS\GraphicsSwitch\GPUStatusMonitor.exe /keep
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [CapsHook] AsusSender.exe C:\Program Files\EeePC\CapsHook\CapsHook.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\Sawyer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP 2010\qip.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\Windows\System32\AsusService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe

--
End of file - 7059 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-879297303-456343794-721076987-1000Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-879297303-456343794-721076987-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\Sawyer\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-11-01 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-06-10 548744]
"EeeSplendidAgent"=C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe []
"GraphicsSwitch"=AsusSender.exe C:\Program Files\ASUS\GraphicsSwitch\GPUStatusMonitor.exe /keep []
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-08-24 9722472]
"ASUSPRP"=C:\Program Files\ASUS\APRP\APRP.EXE [2010-09-06 2054384]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"HotkeyMon"=AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe []
"HotkeyService"=AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe []
"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-07-30 141848]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-07-30 173592]
"Persistence"=C:\windows\system32\igfxpers.exe [2010-07-30 150552]
"CapsHook"=AsusSender.exe C:\Program Files\EeePC\CapsHook\CapsHook.exe []
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2010-06-14 153672]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Sawyer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-26 136176]
"Infium"=C:\Program Files\QIP 2010\qip.exe [2010-11-24 5888384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-28 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\windows\AsScrPro.exe [2010-09-06 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSWebStorage]
C:\Program Files\ASUS\ASUS WebStorage\2.2.32.76\ASUSWSDashBoard.exe /S []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CapsHook]
AsusSender.exe C:\Program Files\EeePC\CapsHook\CapsHook.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking]
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyMon]
AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyService]
AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files\QIP 2010\qip.exe [2010-11-24 5888384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]
AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OOBESetup]
C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe [2009-12-11 370176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Users\Sawyer\AppData\Roaming\QipGuard\QipGuard.exe [2010-11-01 190928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperHybridEngine]
AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-20 257832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Sawyer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Automatické vypnutí počítače.lnk]
C:\PROGRA~1\AUTOMA~1\avp.exe [2004-12-28 478720]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Sawyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-07-30 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2030-01-01 12:34:04 ----SHD---- C:\Boot
2011-02-04 13:57:36 ----D---- C:\Program Files\trend micro
2011-02-04 13:57:35 ----D---- C:\rsit
2011-02-04 13:51:32 ----D---- C:\windows\system32\appmgmt
2011-02-04 13:35:16 ----A---- C:\windows\system32\drivers\aswFsBlk.sys
2011-02-04 13:35:15 ----A---- C:\windows\system32\drivers\aswSP.sys
2011-02-04 13:35:13 ----A---- C:\windows\system32\drivers\aswRdr.sys
2011-02-04 13:35:12 ----A---- C:\windows\system32\drivers\aswTdi.sys
2011-02-04 13:35:08 ----A---- C:\windows\system32\drivers\aswMonFlt.sys
2011-02-04 13:34:28 ----N---- C:\windows\system32\MpSigStub.exe
2011-02-04 13:33:35 ----A---- C:\windows\system32\aswBoot.exe
2011-02-03 16:25:30 ----D---- C:\ProgramData\Alwil Software
2011-02-03 16:25:30 ----D---- C:\Program Files\Alwil Software
2011-02-03 13:29:00 ----D---- C:\Users\Sawyer\AppData\Roaming\ESET
2011-02-03 13:07:12 ----D---- C:\ProgramData\ESET
2011-02-01 18:09:22 ----D---- C:\Users\Sawyer\AppData\Roaming\Hamachi
2011-02-01 18:08:59 ----D---- C:\Program Files\Hamachi
2011-02-01 18:08:59 ----A---- C:\windows\system32\drivers\hamachi.sys
2011-01-28 09:45:38 ----D---- C:\Program Files\Common Files\Logitech
2011-01-28 09:45:36 ----D---- C:\Program Files\Logitech
2011-01-27 16:28:57 ----D---- C:\ProgramData\VirtualizedApplications
2011-01-27 13:03:03 ----D---- C:\Users\Sawyer\AppData\Roaming\SoftGrid Client
2011-01-27 13:00:41 ----D---- C:\Program Files\Common Files\DESIGNER
2011-01-27 13:00:39 ----D---- C:\Program Files\Microsoft Application Virtualization Client
2011-01-27 13:00:10 ----D---- C:\Users\Sawyer\AppData\Roaming\TP
2011-01-26 13:05:46 ----A---- C:\windows\ipuninst.exe
2011-01-26 13:05:36 ----D---- C:\INTRPLAY
2011-01-25 11:23:38 ----D---- C:\Program Files\EAGLE-5.6.0
2011-01-25 11:23:35 ----D---- C:\Users\Sawyer\AppData\Roaming\CadSoft
2011-01-25 11:17:42 ----D---- C:\Program Files\EAGLE-4.16r2
2011-01-25 11:02:18 ----D---- C:\ProgramData\TrackMania
2011-01-25 11:01:44 ----A---- C:\windows\system32\xinput1_1.dll
2011-01-25 11:01:44 ----A---- C:\windows\system32\xactengine2_2.dll
2011-01-25 11:01:44 ----A---- C:\windows\system32\xactengine2_1.dll
2011-01-25 11:01:35 ----A---- C:\windows\system32\d3dx9_30.dll
2011-01-25 11:01:34 ----A---- C:\windows\system32\xactengine2_0.dll
2011-01-25 11:01:34 ----A---- C:\windows\system32\x3daudio1_0.dll
2011-01-25 11:01:34 ----A---- C:\windows\system32\d3dx9_29.dll
2011-01-25 11:01:34 ----A---- C:\windows\system32\d3dx9_28.dll
2011-01-25 11:01:33 ----A---- C:\windows\system32\d3dx9_26.dll
2011-01-25 11:01:33 ----A---- C:\windows\system32\d3dx9_25.dll
2011-01-25 11:01:32 ----A---- C:\windows\system32\d3dx9_24.dll
2011-01-25 11:00:10 ----D---- C:\projects
2011-01-25 11:00:09 ----D---- C:\cam
2011-01-25 10:56:20 ----D---- C:\Program Files\TmNationsForever
2011-01-25 10:28:18 ----D---- C:\scr
2011-01-25 10:28:17 ----D---- C:\ulp
2011-01-25 10:28:17 ----D---- C:\dru
2011-01-25 10:28:16 ----D---- C:\lbr
2011-01-24 12:26:11 ----D---- C:\Games
2011-01-17 12:22:24 ----D---- C:\windows\pss
2011-01-15 00:27:49 ----A---- C:\windows\avp.ini
2011-01-15 00:27:45 ----D---- C:\Program Files\Automatické vypnutí počítače
2011-01-13 22:55:09 ----D---- C:\windows\system32\NV
2011-01-13 22:51:04 ----A---- C:\windows\Language_trs.ini
2011-01-13 22:38:03 ----D---- C:\windows\system32\x64
2011-01-13 14:50:15 ----D---- C:\Program Files\Zrychleni Pocitace
2011-01-13 14:49:59 ----D---- C:\Users\Sawyer\AppData\Roaming\OpenCandy
2011-01-13 14:49:57 ----D---- C:\Users\Sawyer\AppData\Roaming\Xfire
2011-01-13 14:49:47 ----D---- C:\ProgramData\Xfire
2011-01-13 14:49:45 ----D---- C:\Program Files\Xfire
2011-01-13 07:56:17 ----D---- C:\windows\system32\Wat
2011-01-12 22:54:56 ----A---- C:\windows\ODBC.INI
2011-01-12 22:54:22 ----A---- C:\windows\vbaddin.ini
2011-01-12 21:24:30 ----A---- C:\windows\system32\AsusService.exe
2011-01-12 21:24:29 ----A---- C:\windows\system32\AsusSender.exe
2011-01-12 21:24:28 ----A---- C:\windows\AsAcpiSvrLang.ini
2011-01-12 12:34:29 ----A---- C:\windows\system32\d3d10warp.dll
2011-01-12 12:34:28 ----A---- C:\windows\system32\mf.dll
2011-01-12 12:34:28 ----A---- C:\windows\system32\DWrite.dll
2011-01-12 12:34:28 ----A---- C:\windows\system32\d2d1.dll
2011-01-12 12:34:27 ----A---- C:\windows\system32\XpsPrint.dll
2011-01-12 12:34:27 ----A---- C:\windows\system32\XpsGdiConverter.dll
2011-01-12 12:34:27 ----A---- C:\windows\system32\WMVDECOD.DLL
2011-01-12 12:34:27 ----A---- C:\windows\system32\FntCache.dll
2011-01-12 12:34:27 ----A---- C:\windows\system32\drivers\dxgkrnl.sys
2011-01-12 12:34:26 ----A---- C:\windows\system32\XpsRasterService.dll
2011-01-12 12:34:26 ----A---- C:\windows\system32\mfreadwrite.dll
2011-01-12 12:34:26 ----A---- C:\windows\system32\ExplorerFrame.dll
2011-01-12 12:34:26 ----A---- C:\windows\system32\drivers\dxgmms1.sys
2011-01-12 12:34:26 ----A---- C:\windows\system32\d3d10_1core.dll
2011-01-12 12:34:26 ----A---- C:\windows\system32\d3d10_1.dll
2011-01-12 12:34:26 ----A---- C:\windows\system32\cdd.dll
2011-01-12 10:38:53 ----D---- C:\ProgramData\FLEXnet
2011-01-12 07:57:59 ----D---- C:\Program Files\Microsoft.NET
2011-01-11 20:34:01 ----D---- C:\Program Files\Valve
2011-01-11 20:15:32 ----D---- C:\Program Files\Adobe Media Player
2011-01-11 20:13:23 ----D---- C:\Program Files\Windows Journal
2011-01-11 20:13:18 ----D---- C:\windows\ShellNew
2011-01-11 20:13:18 ----D---- C:\windows\ehome
2011-01-11 20:13:17 ----SHD---- C:\windows\BitLockerDiscoveryVolumeContents
2011-01-11 20:13:17 ----D---- C:\windows\RemotePackages
2011-01-11 20:13:17 ----D---- C:\windows\CSC
2011-01-11 20:06:04 ----A---- C:\windows\system32\odbc32.dll
2011-01-11 20:02:58 ----D---- C:\Program Files\Common Files\Macrovision Shared
2011-01-05 16:55:25 ----D---- C:\Program Files\fritzing.2010.09.30.pc
2011-01-05 00:16:48 ----A---- C:\installer_debug.txt
2011-01-05 00:16:06 ----D---- C:\Program Files\Siemens
2011-01-05 00:16:05 ----HD---- C:\Program Files\Zero G Registry
2011-01-05 00:12:46 ----D---- C:\Users\Sawyer\AppData\Roaming\WinRAR

======List of files/folders modified in the last 1 months======

2011-02-04 13:58:16 ----D---- C:\windows\Temp
2011-02-04 13:57:36 ----RD---- C:\Program Files
2011-02-04 13:51:32 ----D---- C:\windows\System32
2011-02-04 13:51:31 ----SHD---- C:\windows\Installer
2011-02-04 13:51:27 ----D---- C:\windows\system32\Tasks
2011-02-04 13:51:03 ----D---- C:\windows\system32\catroot2
2011-02-04 13:50:57 ----SHD---- C:\System Volume Information
2011-02-04 13:45:52 ----D---- C:\windows\system32\config
2011-02-04 13:45:28 ----A---- C:\windows\win.ini
2011-02-04 13:44:26 ----D---- C:\Windows
2011-02-04 13:35:16 ----AD---- C:\windows\system32\drivers
2011-02-04 13:34:49 ----D---- C:\windows\winsxs
2011-02-04 13:27:02 ----D---- C:\windows\Tasks
2011-02-04 13:27:02 ----D---- C:\windows\system32\wfp
2011-02-04 13:27:00 ----D---- C:\windows\system32\wbem
2011-02-04 13:26:08 ----D---- C:\windows\system32\DriverStore
2011-02-04 13:26:07 ----D---- C:\windows\system32\CodeIntegrity
2011-02-04 13:26:06 ----D---- C:\windows\Microsoft.NET
2011-02-04 13:26:05 ----D---- C:\windows\inf
2011-02-04 13:26:03 ----D---- C:\Users\Sawyer\AppData\Roaming\QipGuard
2011-02-04 13:26:00 ----D---- C:\totalcmd
2011-02-04 13:25:59 ----HD---- C:\ProgramData
2011-02-04 13:25:59 ----D---- C:\Program Files\WinRAR
2011-02-04 13:25:58 ----D---- C:\Program Files\The KMPlayer
2011-02-04 13:25:56 ----D---- C:\Program Files\QIP 2010
2011-02-04 13:25:56 ----D---- C:\Program Files\Microsoft Silverlight
2011-02-04 13:25:55 ----D---- C:\Program Files\Guitar Pro 5
2011-02-04 13:25:52 ----D---- C:\Program Files\Bethesda Softworks
2011-02-04 13:25:50 ----D---- C:\Program Files\3DO
2011-02-04 13:25:50 ----D---- C:\Eagle-4.03e
2011-02-04 13:25:49 ----D---- C:\eagle+3D
2011-02-04 13:25:31 ----D---- C:\windows\registration
2011-02-04 13:25:22 ----D---- C:\windows\system32\catroot
2011-02-04 13:24:32 ----SD---- C:\Users\Sawyer\AppData\Roaming\Microsoft
2011-02-03 12:54:52 ----D---- C:\ProgramData\Trend Micro
2011-02-03 12:53:38 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-02-01 18:08:26 ----D---- C:\temp
2011-01-30 13:57:02 ----D---- C:\windows\system32\NDF
2011-01-28 09:45:38 ----D---- C:\Program Files\Common Files
2011-01-27 13:00:42 ----D---- C:\Program Files\Common Files\microsoft shared
2011-01-27 13:00:40 ----SD---- C:\ProgramData\Microsoft
2011-01-27 13:00:39 ----D---- C:\Program Files\Microsoft Office
2011-01-25 11:01:44 ----RSD---- C:\windows\assembly
2011-01-25 10:27:36 ----D---- C:\Program Files\EAGLE-4.03
2011-01-14 18:08:51 ----D---- C:\windows\system32\wdi
2011-01-13 22:43:53 ----D---- C:\ProgramData\NVIDIA
2011-01-12 23:04:50 ----D---- C:\Program Files\NVIDIA Corporation
2011-01-12 22:53:01 ----RSD---- C:\windows\Fonts
2011-01-12 21:24:27 ----D---- C:\Program Files\EeePC
2011-01-12 21:24:17 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-12 21:16:44 ----RD---- C:\Users
2011-01-12 08:04:36 ----D---- C:\windows\system32\cs-CZ
2011-01-12 07:58:07 ----D---- C:\windows\system32\en-US
2011-01-11 20:30:14 ----D---- C:\Users\Sawyer\AppData\Roaming\Adobe
2011-01-11 20:20:22 ----D---- C:\Program Files\Adobe
2011-01-11 20:19:58 ----D---- C:\ProgramData\Adobe
2011-01-11 20:17:08 ----D---- C:\Program Files\Common Files\Adobe
2011-01-11 20:13:28 ----D---- C:\Program Files\Microsoft Games
2011-01-11 20:13:28 ----D---- C:\Program Files\DVD Maker
2011-01-11 20:13:17 ----D---- C:\windows\system32\pl-PL
2011-01-11 20:13:17 ----D---- C:\windows\security
2011-01-11 20:13:16 ----D---- C:\windows\system32\hu-HU
2011-01-11 20:13:14 ----D---- C:\windows\system32\drivers\UMDF
2011-01-11 20:13:13 ----D---- C:\windows\system32\sk-SK
2011-01-11 20:13:05 ----D---- C:\windows\PolicyDefinitions
2011-01-11 20:11:24 ----D---- C:\windows\system32\restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvpciflt;nvpciflt; C:\windows\system32\DRIVERS\nvpciflt.sys [2010-07-27 19656]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-06-19 173440]
R1 AsUpIO;AsUpIO; C:\windows\system32\drivers\AsUpIO.sys [2010-03-31 11520]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 ElbyCDIO;ElbyCDIO Driver; C:\windows\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 adfs;adfs; C:\windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl6.sys [2010-05-08 2710592]
R3 ETD;ELAN PS/2 Port Input Device; C:\windows\system32\DRIVERS\ETD.sys [2010-07-21 102912]
R3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2011-02-01 25280]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2010-08-24 3178472]
R3 kbfiltr;Keyboard Filter; C:\windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 13880]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x86.sys [2010-05-10 68208]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
R3 Sftfs;Sftfs; C:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 550760]
R3 Sftplay;Sftplay; C:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 195944]
R3 Sftredir;Sftredir; C:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 21864]
R3 Sftvol;Sftvol; C:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 19304]
R3 VClone;VClone; C:\windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\windows\system32\drivers\WmBEnum.sys [2010-04-27 22856]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\windows\system32\drivers\WmVirHid.sys [2010-04-27 15048]
R3 WmXlCore;Logitech Translation Layer Driver; C:\windows\system32\drivers\WmXlCore.sys [2010-04-27 66632]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athr.sys [2009-07-13 1096704]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BthEnum;Bluetooth Request Block Driver; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2010-06-24 393216]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2010-06-24 60416]
S3 btwampfl;Bluetooth AMP USB Filter; C:\windows\system32\drivers\btwampfl.sys [2010-05-21 293928]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-05-21 88104]
S3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\DRIVERS\btwavdt.sys [2010-05-21 111144]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2010-05-21 33320]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-05-21 18728]
S3 fssfltr;FssFltr; C:\windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2010-07-30 4806144]
S3 KMWDFILTERx86;HIDServiceDesc; C:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\windows\system32\drivers\WmFilter.sys [2010-04-27 37704]
S4 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2009-07-14 387584]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AsusService;Asus Launcher Service; C:\Windows\System32\AsusService.exe [2009-08-18 219136]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-05-21 652576]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2010-07-27 129640]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 20992]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 sftlist;Application Virtualization Client; C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
R3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2009-07-14 20992]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-01-11 655624]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-01-13 1343400]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

#2 Příspěvek od **motji** » 04 úno 2011 17:23

hezké odpoledne

restartujte do nouzového režimu ( po restartu mačkejte F8)

Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky

venca1567 · #3 Příspěvek od **venca1567** » 04 úno 2011 19:13

Automatická kontrola: dokončeno před 4 min. (události: 52, objekty: 297493, čas: 01:06:05)
4.2.2011 18:00:13 Úloha byla spuštěna
4.2.2011 18:01:48 Zjištěno: Virus.Win32.Hidrag.a C:\Program Files\ASUS\APRP\aprp.exe
4.2.2011 18:01:49 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\ASUS\APRP\aprp.exe
4.2.2011 18:01:49 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\ASUS\APRP\aprp.exe
4.2.2011 18:03:24 Zjištěno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
4.2.2011 18:03:24 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
4.2.2011 18:03:24 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
4.2.2011 18:12:20 Zjištěno: Trojan-GameThief.Win32.Taworm.fao C:\Documents and Settings\Sawyer\Downloads\antijeefo-en.exe/UPX
4.2.2011 18:12:37 Odstraněno: Trojan-GameThief.Win32.Taworm.fao C:\Documents and Settings\Sawyer\Downloads\antijeefo-en.exe
4.2.2011 18:32:00 Zjištěno: Virus.Win32.Hidrag.a C:\Program Files\3DO\gameup.exe
4.2.2011 18:32:01 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\3DO\gameup.exe
4.2.2011 18:32:01 Zjištěno: Virus.Win32.Hidrag.a C:\Program Files\3DO\Support\SysInfo.exe
4.2.2011 18:32:01 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\3DO\gameup.exe
4.2.2011 18:32:02 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\3DO\Support\SysInfo.exe
4.2.2011 18:32:03 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\3DO\Support\SysInfo.exe
4.2.2011 18:32:05 Zjištěno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Adobe Bridge CS4\bridgeproxy.exe
4.2.2011 18:32:05 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Adobe Bridge CS4\bridgeproxy.exe
4.2.2011 18:32:06 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Adobe Bridge CS4\bridgeproxy.exe
4.2.2011 18:32:17 Zjištěno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Adobe Bridge CS4\Photodownloader.exe
4.2.2011 18:32:26 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Adobe Bridge CS4\Photodownloader.exe
4.2.2011 18:32:26 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Adobe Bridge CS4\Photodownloader.exe
4.2.2011 18:32:34 Zjištěno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Adobe Device Central CS4\Required\Opera\program\plugins\NPSWF32_FlashUtil.exe
4.2.2011 18:32:36 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Adobe Device Central CS4\Required\Opera\program\plugins\NPSWF32_FlashUtil.exe
4.2.2011 18:32:36 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Adobe Device Central CS4\Required\Opera\program\plugins\NPSWF32_FlashUtil.exe
4.2.2011 18:32:37 Zjištěno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Adobe Extension Manager CS4\Adobe Extension Manager CS4.exe
4.2.2011 18:32:40 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Adobe Extension Manager CS4\Adobe Extension Manager CS4.exe
4.2.2011 18:32:40 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Adobe Extension Manager CS4\Adobe Extension Manager CS4.exe
4.2.2011 18:32:56 Zjištěno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Adobe Photoshop CS4\Required\Droplet Template.exe
4.2.2011 18:32:58 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Adobe Photoshop CS4\Required\Droplet Template.exe
4.2.2011 18:32:58 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Adobe Photoshop CS4\Required\Droplet Template.exe
4.2.2011 18:33:03 Zjištěno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Reader 9.0\Reader\A3DUtility.exe
4.2.2011 18:33:05 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Reader 9.0\Reader\A3DUtility.exe
4.2.2011 18:33:05 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Reader 9.0\Reader\A3DUtility.exe
4.2.2011 18:33:05 Zjištěno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe
4.2.2011 18:33:06 Zjištěno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Reader 9.0\Reader\AcroBroker.exe
4.2.2011 18:33:06 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe
4.2.2011 18:33:06 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe
4.2.2011 18:33:07 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Reader 9.0\Reader\AcroBroker.exe
4.2.2011 18:33:08 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Reader 9.0\Reader\AcroBroker.exe
4.2.2011 18:33:26 Zjištěno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-FFFF-7B44-A91000000001}\AirShareInstaller.exe
4.2.2011 18:33:27 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-FFFF-7B44-A91000000001}\AirShareInstaller.exe
4.2.2011 18:33:27 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-FFFF-7B44-A91000000001}\AirShareInstaller.exe
4.2.2011 18:33:28 Zjištěno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-FFFF-7B44-A91000000001}\Setup.exe
4.2.2011 18:33:29 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-FFFF-7B44-A91000000001}\Setup.exe
4.2.2011 18:33:29 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-FFFF-7B44-A91000000001}\Setup.exe
4.2.2011 18:33:30 Zjištěno: Virus.Win32.Hidrag.a C:\Program Files\Adobe Media Player\Adobe Media Player.exe
4.2.2011 18:33:32 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe Media Player\Adobe Media Player.exe
4.2.2011 18:33:32 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe Media Player\Adobe Media Player.exe
4.2.2011 18:33:40 Zjištěno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-FFFF-7B44-A91000000001}\Adobe AIR Installer.exe
4.2.2011 18:33:44 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-FFFF-7B44-A91000000001}\Adobe AIR Installer.exe
4.2.2011 18:33:44 Dezinfikováno: Virus.Win32.Hidrag.a C:\Program Files\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-FFFF-7B44-A91000000001}\Adobe AIR Installer.exe
4.2.2011 19:06:18 Úloha byla dokončena

#4 Příspěvek od **motji** » 04 úno 2011 21:15

Fajn, jak je na tom počítač?

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

----------------------------------------------------------

Zkuste tento program
http://www.sophos.com/support/cleaners/jeefogui.com
-spusťte ho, kliknete na Go
-po skončení skenu restartujte pc a dejte vědět jak to vypadá

venca1567 · #5 Příspěvek od **venca1567** » 04 úno 2011 22:20

Počítač se zatím tváří v pořádku a tady jsou ty logy:
OTL.Txt
http://leteckaposta.cz/414255793

Extras.txt
http://leteckaposta.cz/876305250

#6 Příspěvek od **motji** » 04 úno 2011 22:50

Fajn, Otl vypadá dobře.

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

venca1567 · #7 Příspěvek od **venca1567** » 05 úno 2011 00:10

ComboFix 11-01-31.02 - Sawyer 04.02.2011 23:10:58.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.1023.417 [GMT 1:00]
Spuštěný z: c:\users\Sawyer\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\FullRemove.exe
c:\users\Sawyer\War3TFT_118a_English.exe
c:\windows\system32\MpSigStub.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-04 do 2011-02-04 )))))))))))))))))))))))))))))))
.

2030-01-01 11:34 . 2030-01-01 11:34 -------- d-----w- C:\Boot
2011-02-04 22:49 . 2011-02-04 22:49 -------- d-----w- c:\users\Sawyer\AppData\Local\temp
2011-02-04 22:49 . 2011-02-04 22:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-04 20:31 . 2011-02-04 20:31 -------- d-----w- C:\_OTL
2011-02-04 16:57 . 2011-02-04 16:57 -------- d-----w- c:\programdata\Kaspersky Lab
2011-02-04 16:51 . 2011-02-04 16:51 -------- d-----w- c:\program files\CCleaner
2011-02-04 12:57 . 2011-02-04 12:58 -------- d-----w- c:\program files\trend micro
2011-02-04 12:57 . 2011-02-04 12:58 -------- d-----w- C:\rsit
2011-02-04 12:35 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-04 12:35 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-04 12:35 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-04 12:35 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-04 12:35 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-04 12:34 . 2011-02-02 16:10 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EFAFDAAB-46F1-4B07-98CB-655E5C121F29}\mpengine.dll
2011-02-04 12:33 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-04 12:33 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-03 15:25 . 2011-02-03 15:25 -------- d-----w- c:\programdata\Alwil Software
2011-02-03 15:25 . 2011-02-03 15:25 -------- d-----w- c:\program files\Alwil Software
2011-02-03 12:10 . 2011-02-03 12:10 -------- d-----w- c:\users\Sawyer\AppData\Local\ESET
2011-02-01 17:09 . 2011-02-04 12:28 -------- d-----w- c:\users\Sawyer\AppData\Roaming\Hamachi
2011-02-01 17:08 . 2011-02-04 12:25 -------- d-----w- c:\program files\Hamachi
2011-02-01 17:08 . 2011-02-01 17:08 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-01-28 08:47 . 2011-01-28 08:47 -------- d-----w- c:\users\Sawyer\AppData\Local\Logitech
2011-01-28 08:45 . 2011-01-28 08:45 -------- d-----w- c:\program files\Common Files\Logitech
2011-01-28 08:45 . 2011-01-28 08:45 -------- d-----w- c:\program files\Logitech
2011-01-27 15:28 . 2011-02-01 06:10 -------- d-----w- c:\programdata\VirtualizedApplications
2011-01-27 12:03 . 2011-01-27 12:03 -------- d-----w- c:\users\Sawyer\AppData\Local\SoftGrid Client
2011-01-27 12:03 . 2011-02-01 06:10 -------- d-----w- c:\users\Sawyer\AppData\Roaming\SoftGrid Client
2011-01-27 12:00 . 2011-02-04 12:27 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2011-01-27 12:00 . 2011-01-27 12:03 -------- d-----w- c:\users\Sawyer\AppData\Roaming\TP
2011-01-26 12:05 . 2011-01-26 12:05 52224 ----a-w- c:\windows\ipuninst.exe
2011-01-26 12:05 . 2011-01-26 12:05 -------- d-----w- C:\INTRPLAY
2011-01-25 10:23 . 2011-01-25 10:23 -------- d-----w- c:\program files\EAGLE-5.6.0
2011-01-25 10:23 . 2011-01-25 10:23 -------- d-----w- c:\users\Sawyer\AppData\Roaming\CadSoft
2011-01-25 10:17 . 2011-01-25 10:22 -------- d-----w- c:\program files\EAGLE-4.16r2
2011-01-25 10:02 . 2011-01-31 13:43 -------- d-----w- c:\programdata\TrackMania
2011-01-25 10:01 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-01-25 10:00 . 2011-01-25 10:00 -------- d-----w- C:\projects
2011-01-25 10:00 . 2011-01-25 10:00 -------- d-----w- C:\cam
2011-01-25 09:56 . 2011-02-04 12:25 -------- d-----w- c:\program files\TmNationsForever
2011-01-25 09:28 . 2011-01-25 09:28 -------- d-----w- C:\scr
2011-01-25 09:28 . 2011-01-25 09:28 -------- d-----w- C:\ulp
2011-01-25 09:28 . 2011-01-25 09:28 -------- d-----w- C:\dru
2011-01-25 09:28 . 2011-01-25 09:28 -------- d-----w- C:\lbr
2011-01-24 11:26 . 2011-01-24 11:26 -------- d-----w- C:\Games
2011-01-14 23:27 . 2011-02-04 12:25 -------- d-----w- c:\program files\Automatické vypnutí počítače
2011-01-13 21:55 . 2011-01-13 21:55 -------- d-----w- c:\windows\system32\NV
2011-01-13 21:38 . 2011-01-13 21:38 -------- d-----w- c:\windows\system32\x64
2011-01-13 13:50 . 2011-02-04 12:25 -------- d-----w- c:\program files\Zrychleni Pocitace
2011-01-13 13:50 . 2011-01-13 13:50 -------- d-----w- c:\users\Sawyer\AppData\Local\OpenCandy
2011-01-13 13:49 . 2011-01-13 13:49 -------- d-----w- c:\users\Sawyer\AppData\Roaming\OpenCandy
2011-01-13 13:49 . 2011-02-04 12:29 -------- d-----w- c:\users\Sawyer\AppData\Roaming\Xfire
2011-01-13 13:49 . 2011-01-31 14:12 -------- d-----w- c:\programdata\Xfire
2011-01-13 13:49 . 2011-02-04 12:25 -------- d-----w- c:\program files\Xfire
2011-01-13 06:56 . 2011-01-13 06:56 -------- d-----w- c:\windows\system32\Wat
2011-01-12 20:24 . 2009-08-18 16:35 219136 ----a-w- c:\windows\system32\AsusService.exe
2011-01-12 20:24 . 2010-03-02 21:21 29184 ----a-w- c:\windows\system32\AsusSender.exe
2011-01-12 09:38 . 2011-01-12 09:38 -------- d-----w- c:\programdata\FLEXnet
2011-01-12 09:05 . 2011-01-12 09:05 -------- d-----w- c:\users\Sawyer\AppData\Local\Diagnostics
2011-01-12 06:57 . 2011-01-12 21:52 -------- d-----w- c:\program files\Microsoft.NET
2011-01-11 19:34 . 2011-02-04 12:25 -------- d-----w- c:\program files\Valve
2011-01-11 19:32 . 2003-09-03 01:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-01-11 19:32 . 2003-09-03 01:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-01-11 19:32 . 2003-09-03 01:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-01-11 19:32 . 2003-09-03 01:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-01-11 19:32 . 2003-09-03 01:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-01-11 19:32 . 2011-01-11 19:32 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-01-11 19:32 . 2011-01-11 19:32 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-01-11 19:15 . 2011-02-04 14:39 -------- d-----w- c:\program files\Adobe Media Player
2011-01-11 19:13 . 2011-01-11 19:13 -------- d-----w- c:\program files\Windows Journal
2011-01-11 19:13 . 2011-01-11 19:13 -------- d-----w- c:\windows\ehome
2011-01-11 19:13 . 2011-01-11 19:13 -------- d-----w- c:\windows\ShellNew
2011-01-11 19:13 . 2011-01-11 19:13 -------- d-sh--w- c:\windows\BitLockerDiscoveryVolumeContents
2011-01-11 19:13 . 2011-01-11 19:13 -------- d-----w- c:\windows\RemotePackages
2011-01-11 19:12 . 2011-02-04 03:28 -------- d-----r- c:\users\Public\Recorded TV
2011-01-11 19:12 . 2011-01-11 19:12 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
2011-01-11 19:06 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll
2011-01-11 19:06 . 2010-10-16 04:33 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-11 19:06 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-11 19:06 . 2010-10-16 04:33 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-11 19:06 . 2010-10-16 04:33 208896 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-11 19:02 . 2011-01-11 19:02 -------- d-----w- c:\program files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-26 10:27 . 2010-12-26 10:20 2829 ----a-w- c:\windows\War3Unin.pif
2010-12-26 10:27 . 2010-12-26 10:20 174592 ----a-w- c:\windows\War3Unin.exe
2010-12-17 06:56 . 2011-01-04 22:41 545 ----a-w- c:\windows\UC.PIF
2010-12-17 06:56 . 2011-01-04 22:41 545 ----a-w- c:\windows\RAR.PIF
2010-12-17 06:56 . 2011-01-04 22:41 545 ----a-w- c:\windows\PKZIP.PIF
2010-12-17 06:56 . 2011-01-04 22:41 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-12-17 06:56 . 2011-01-04 22:41 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-12-17 06:56 . 2011-01-04 22:41 545 ----a-w- c:\windows\LHA.PIF
2010-12-17 06:56 . 2011-01-04 22:41 545 ----a-w- c:\windows\ARJ.PIF
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OVERLAYICONEXTENSION1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2009-11-25 11:47 297808 ----a-w- c:\windows\System32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OVERLAYICONEXTENSION2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2009-11-25 11:47 297808 ----a-w- c:\windows\System32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Sawyer\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-26 171504]
"Infium"="c:\program files\QIP 2010\qip.exe" [2010-11-24 5888384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GraphicsSwitch"="AsusSender.exe" [2010-03-02 29184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-08-24 9722472]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2011-02-04 2018032]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"HotkeyMon"="AsusSender.exe" [2010-03-02 29184]
"HotkeyService"="AsusSender.exe" [2010-03-02 29184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-30 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-30 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-30 150552]
"CapsHook"="AsusSender.exe" [2010-03-02 29184]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

c:\users\Sawyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2011-2-1 659744]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-7-9 3529104]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-5-21 828704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKLM\~\startupfolder\C:^Users^Sawyer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Automatické vypnutí počítače.lnk]
path=c:\users\Sawyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Automatické vypnutí počítače.lnk
backup=c:\windows\pss\Automatické vypnutí počítače.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 00:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2010-09-06 17:14 3058304 ----a-w- c:\windows\AsScrPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CapsHook]
2010-03-02 21:21 29184 ----a-w- c:\windows\System32\AsusSender.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyMon]
2010-03-02 21:21 29184 ----a-w- c:\windows\System32\AsusSender.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyService]
2010-03-02 21:21 29184 ----a-w- c:\windows\System32\AsusSender.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
2010-11-24 13:02 5888384 ----a-w- c:\program files\QIP 2010\qip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]
2010-03-02 21:21 29184 ----a-w- c:\windows\System32\AsusSender.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OOBESetup]
2009-12-11 07:56 370176 ----a-w- c:\program files\ASUS\OOBERegBackup\OOBERegBackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
2010-11-01 10:40 226256 ----a-w- c:\users\Sawyer\AppData\Roaming\QipGuard\QipGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperHybridEngine]
2010-03-02 21:21 29184 ----a-w- c:\windows\System32\AsusSender.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-05-20 05:16 257832 ----a-w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-18 219136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-05-21 293928]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-05-21 33320]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-13 1343400]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-07-27 19656]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-03-31 11520]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-07-21 102912]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-05-10 68208]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879297303-456343794-721076987-1000Core.job
- c:\users\Sawyer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-26 03:59]

2011-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879297303-456343794-721076987-1000UA.job
- c:\users\Sawyer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-26 03:59]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-ETDWare - %ProgramFiles%\Elantech\ETDCtrl.exe
HKLM-Run-EeeSplendidAgent - c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe
MSConfigStartUp-ASUSWebStorage - c:\program files\ASUS\ASUS WebStorage\2.2.32.76\ASUSWSDashBoard.exe
MSConfigStartUp-Eee Docking - c:\program files\ASUS\Eee Docking\Eee Docking.exe
AddRemove-ASUS VIBE - c:\program files\ASUS\ASUS VIBE\1.0.190\uninst.exe
AddRemove-ASUS WebStorage - c:\program files\ASUS\ASUS WebStorage\uninst.exe
AddRemove-Eee Docking_is1 - c:\program files\ASUS\Eee Docking\unins000.exe

.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-02-04 23:54:57
ComboFix-quarantined-files.txt 2011-02-04 22:54

Před spuštěním: 9 222 963 200
Po spuštění: 9 149 542 400

- - End Of File - - B5807D0F777BF1108123151BF474851C

#8 Příspěvek od **motji** » 05 úno 2011 00:18

tyto složky znáte?
C:\scr
C:\ulp
C:\dru
C:\lbr

Zkoušel jste ten program jeffofui?
Víte, kde jste se tímto virem nakazil (crack, zavirované stránky?)

Jak to vypadá s počítačem?

venca1567 · #9 Příspěvek od **venca1567** » 05 úno 2011 00:38

Ty složky vytvořil program eagle.

Program jsem zkoušel a nic nehlásil takže to bude nejspíš v pořádku.

Vir se objevil při přeinstalování antiviru na nod32, který jsem po objevení viru odinstaloval a nainstalovat avast a snažil se viru zbavit, protože nod32 mi nic nenašel.

Počítač jde bez problémů až na některé exe soubory, které to muselo nejspíš vymazat

#10 Příspěvek od **motji** » 05 úno 2011 00:53

Spíš je poškodil vir, exe soubory smažte a programy přeinstalujte.
za pár dní počítač znovu zkontrolujte Avptoolem, kdyby se vir vrátil, dobrý je i webcureit, mám ho v podpise

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.

***********

Stáhněte T-Cleaner
http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir

***********

Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

Obrázek

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

Obrázek

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy

ok

zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.

***********

Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech

***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

venca1567 · #11 Příspěvek od **venca1567** » 05 úno 2011 12:22

Počítač je již v pořádku, žádné problémy nenastaly, děkuji za pomoc a přikládám log z RSIT

Logfile of random's system information tool 1.08 (written by random/random)
Run by Sawyer at 2011-02-05 12:16:28
Microsoft Windows 7 Ultimate
System drive C: has 9 GB (9%) free of 102 GB
Total RAM: 1023 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:17:00, on 5.2.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Sawyer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sawyer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sawyer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sawyer\Downloads\RSIT.exe
C:\Program Files\trend micro\Sawyer.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Sawyer\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Sawyer\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [GraphicsSwitch] AsusSender.exe C:\Program Files\ASUS\GraphicsSwitch\GPUStatusMonitor.exe /keep
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [CapsHook] AsusSender.exe C:\Program Files\EeePC\CapsHook\CapsHook.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\Sawyer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP 2010\qip.exe" /autorun
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\Windows\System32\AsusService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe

--
End of file - 5828 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-879297303-456343794-721076987-1000Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-879297303-456343794-721076987-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\Sawyer\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-11-01 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GraphicsSwitch"=AsusSender.exe C:\Program Files\ASUS\GraphicsSwitch\GPUStatusMonitor.exe /keep []
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-08-24 9722472]
"ASUSPRP"=C:\Program Files\ASUS\APRP\APRP.EXE [2011-02-04 2018032]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"HotkeyMon"=AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe []
"HotkeyService"=AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe []
"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-07-30 141848]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-07-30 173592]
"Persistence"=C:\windows\system32\igfxpers.exe [2010-07-30 150552]
"CapsHook"=AsusSender.exe C:\Program Files\EeePC\CapsHook\CapsHook.exe []
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2010-06-14 153672]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Sawyer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-26 171504]
"Infium"=C:\Program Files\QIP 2010\qip.exe [2010-11-24 5888384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-28 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\windows\AsScrPro.exe [2010-09-06 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CapsHook]
AsusSender.exe C:\Program Files\EeePC\CapsHook\CapsHook.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyMon]
AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyService]
AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files\QIP 2010\qip.exe [2010-11-24 5888384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]
AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OOBESetup]
C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe [2009-12-11 370176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Users\Sawyer\AppData\Roaming\QipGuard\QipGuard.exe [2010-11-01 226256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperHybridEngine]
AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-20 257832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Sawyer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Automatické vypnutí počítače.lnk]
C:\PROGRA~1\AUTOMA~1\avp.exe [2004-12-28 478720]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Sawyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-07-30 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2030-01-01 12:34:04 ----D---- C:\Boot
2011-02-05 12:16:28 ----D---- C:\rsit
2011-02-04 23:55:11 ----SHD---- C:\$RECYCLE.BIN
2011-02-04 23:08:04 ----D---- C:\windows\ERDNT
2011-02-04 17:57:07 ----D---- C:\ProgramData\Kaspersky Lab
2011-02-04 17:51:18 ----D---- C:\Program Files\CCleaner
2011-02-04 13:57:36 ----D---- C:\Program Files\trend micro
2011-02-04 13:51:32 ----D---- C:\windows\system32\appmgmt
2011-02-04 13:35:16 ----A---- C:\windows\system32\drivers\aswFsBlk.sys
2011-02-04 13:35:15 ----A---- C:\windows\system32\drivers\aswSP.sys
2011-02-04 13:35:13 ----A---- C:\windows\system32\drivers\aswRdr.sys
2011-02-04 13:35:12 ----A---- C:\windows\system32\drivers\aswTdi.sys
2011-02-04 13:35:08 ----A---- C:\windows\system32\drivers\aswMonFlt.sys
2011-02-04 13:33:35 ----A---- C:\windows\system32\aswBoot.exe
2011-02-03 16:25:30 ----D---- C:\ProgramData\Alwil Software
2011-02-03 16:25:30 ----D---- C:\Program Files\Alwil Software
2011-02-03 13:29:00 ----D---- C:\Users\Sawyer\AppData\Roaming\ESET
2011-02-03 13:07:12 ----D---- C:\ProgramData\ESET
2011-02-01 18:09:22 ----D---- C:\Users\Sawyer\AppData\Roaming\Hamachi
2011-02-01 18:08:59 ----D---- C:\Program Files\Hamachi
2011-02-01 18:08:59 ----A---- C:\windows\system32\drivers\hamachi.sys
2011-01-28 09:45:38 ----D---- C:\Program Files\Common Files\Logitech
2011-01-28 09:45:36 ----D---- C:\Program Files\Logitech
2011-01-27 16:28:57 ----D---- C:\ProgramData\VirtualizedApplications
2011-01-27 13:03:03 ----D---- C:\Users\Sawyer\AppData\Roaming\SoftGrid Client
2011-01-27 13:00:41 ----D---- C:\Program Files\Common Files\DESIGNER
2011-01-27 13:00:39 ----D---- C:\Program Files\Microsoft Application Virtualization Client
2011-01-27 13:00:10 ----D---- C:\Users\Sawyer\AppData\Roaming\TP
2011-01-26 13:05:46 ----A---- C:\windows\ipuninst.exe
2011-01-26 13:05:36 ----D---- C:\INTRPLAY
2011-01-25 11:23:38 ----D---- C:\Program Files\EAGLE-5.6.0
2011-01-25 11:23:35 ----D---- C:\Users\Sawyer\AppData\Roaming\CadSoft
2011-01-25 11:17:42 ----D---- C:\Program Files\EAGLE-4.16r2
2011-01-25 11:02:18 ----D---- C:\ProgramData\TrackMania
2011-01-25 11:01:44 ----A---- C:\windows\system32\xinput1_1.dll
2011-01-25 11:01:44 ----A---- C:\windows\system32\xactengine2_2.dll
2011-01-25 11:01:44 ----A---- C:\windows\system32\xactengine2_1.dll
2011-01-25 11:01:35 ----A---- C:\windows\system32\d3dx9_30.dll
2011-01-25 11:01:34 ----A---- C:\windows\system32\xactengine2_0.dll
2011-01-25 11:01:34 ----A---- C:\windows\system32\x3daudio1_0.dll
2011-01-25 11:01:34 ----A---- C:\windows\system32\d3dx9_29.dll
2011-01-25 11:01:34 ----A---- C:\windows\system32\d3dx9_28.dll
2011-01-25 11:01:33 ----A---- C:\windows\system32\d3dx9_26.dll
2011-01-25 11:01:33 ----A---- C:\windows\system32\d3dx9_25.dll
2011-01-25 11:01:32 ----A---- C:\windows\system32\d3dx9_24.dll
2011-01-25 11:00:10 ----D---- C:\projects
2011-01-25 11:00:09 ----D---- C:\cam
2011-01-25 10:56:20 ----D---- C:\Program Files\TmNationsForever
2011-01-25 10:28:18 ----D---- C:\scr
2011-01-25 10:28:17 ----D---- C:\ulp
2011-01-25 10:28:17 ----D---- C:\dru
2011-01-25 10:28:16 ----D---- C:\lbr
2011-01-24 12:26:11 ----D---- C:\Games
2011-01-17 12:22:24 ----D---- C:\windows\pss
2011-01-15 00:27:49 ----A---- C:\windows\avp.ini
2011-01-15 00:27:45 ----D---- C:\Program Files\Automatické vypnutí počítače
2011-01-13 22:55:09 ----D---- C:\windows\system32\NV
2011-01-13 22:51:04 ----A---- C:\windows\Language_trs.ini
2011-01-13 22:38:03 ----D---- C:\windows\system32\x64
2011-01-13 14:50:15 ----D---- C:\Program Files\Zrychleni Pocitace
2011-01-13 14:49:59 ----D---- C:\Users\Sawyer\AppData\Roaming\OpenCandy
2011-01-13 07:56:17 ----D---- C:\windows\system32\Wat
2011-01-12 22:54:56 ----A---- C:\windows\ODBC.INI
2011-01-12 22:54:22 ----A---- C:\windows\vbaddin.ini
2011-01-12 21:24:30 ----A---- C:\windows\system32\AsusService.exe
2011-01-12 21:24:29 ----A---- C:\windows\system32\AsusSender.exe
2011-01-12 21:24:28 ----A---- C:\windows\AsAcpiSvrLang.ini
2011-01-12 12:34:29 ----A---- C:\windows\system32\d3d10warp.dll
2011-01-12 12:34:28 ----A---- C:\windows\system32\mf.dll
2011-01-12 12:34:28 ----A---- C:\windows\system32\DWrite.dll
2011-01-12 12:34:28 ----A---- C:\windows\system32\d2d1.dll
2011-01-12 12:34:27 ----A---- C:\windows\system32\XpsPrint.dll
2011-01-12 12:34:27 ----A---- C:\windows\system32\XpsGdiConverter.dll
2011-01-12 12:34:27 ----A---- C:\windows\system32\WMVDECOD.DLL
2011-01-12 12:34:27 ----A---- C:\windows\system32\FntCache.dll
2011-01-12 12:34:27 ----A---- C:\windows\system32\drivers\dxgkrnl.sys
2011-01-12 12:34:26 ----A---- C:\windows\system32\XpsRasterService.dll
2011-01-12 12:34:26 ----A---- C:\windows\system32\mfreadwrite.dll
2011-01-12 12:34:26 ----A---- C:\windows\system32\ExplorerFrame.dll
2011-01-12 12:34:26 ----A---- C:\windows\system32\drivers\dxgmms1.sys
2011-01-12 12:34:26 ----A---- C:\windows\system32\d3d10_1core.dll
2011-01-12 12:34:26 ----A---- C:\windows\system32\d3d10_1.dll
2011-01-12 12:34:26 ----A---- C:\windows\system32\cdd.dll
2011-01-12 10:38:53 ----D---- C:\ProgramData\FLEXnet
2011-01-12 07:57:59 ----D---- C:\Program Files\Microsoft.NET
2011-01-11 20:34:01 ----D---- C:\Program Files\Valve
2011-01-11 20:15:32 ----D---- C:\Program Files\Adobe Media Player
2011-01-11 20:13:23 ----D---- C:\Program Files\Windows Journal
2011-01-11 20:13:18 ----D---- C:\windows\ShellNew
2011-01-11 20:13:18 ----D---- C:\windows\ehome
2011-01-11 20:13:17 ----SHD---- C:\windows\BitLockerDiscoveryVolumeContents
2011-01-11 20:13:17 ----D---- C:\windows\RemotePackages
2011-01-11 20:13:17 ----D---- C:\windows\CSC
2011-01-11 20:06:04 ----A---- C:\windows\system32\odbc32.dll
2011-01-11 20:02:58 ----D---- C:\Program Files\Common Files\Macrovision Shared

======List of files/folders modified in the last 1 months======

2011-02-05 12:16:46 ----D---- C:\windows\Temp
2011-02-05 12:16:39 ----D---- C:\windows\system32\config
2011-02-05 12:12:59 ----D---- C:\Windows
2011-02-05 11:45:47 ----RD---- C:\Program Files
2011-02-05 11:45:47 ----D---- C:\windows\System32
2011-02-05 11:45:47 ----D---- C:\ProgramData
2011-02-05 11:37:36 ----D---- C:\windows\system32\Tasks
2011-02-05 11:22:41 ----SHD---- C:\windows\Installer
2011-02-05 11:22:41 ----D---- C:\Program Files\Adobe
2011-02-05 11:22:23 ----SHD---- C:\System Volume Information
2011-02-05 11:09:12 ----AD---- C:\windows\system32\drivers
2011-02-05 00:05:59 ----D---- C:\windows\system32\NDF
2011-02-04 23:50:28 ----A---- C:\windows\system.ini
2011-02-04 23:49:41 ----D---- C:\windows\system32\drivers\etc
2011-02-04 23:37:30 ----D---- C:\windows\AppPatch
2011-02-04 23:37:27 ----D---- C:\Program Files\Common Files
2011-02-04 17:54:13 ----D---- C:\windows\debug
2011-02-04 17:36:58 ----D---- C:\windows\rescache
2011-02-04 15:45:24 ----D---- C:\Program Files\3DO
2011-02-04 13:51:03 ----D---- C:\windows\system32\catroot2
2011-02-04 13:45:28 ----A---- C:\windows\win.ini
2011-02-04 13:34:49 ----D---- C:\windows\winsxs
2011-02-04 13:27:02 ----D---- C:\windows\Tasks
2011-02-04 13:27:02 ----D---- C:\windows\system32\wfp
2011-02-04 13:27:00 ----D---- C:\windows\system32\wbem
2011-02-04 13:26:08 ----D---- C:\windows\system32\DriverStore
2011-02-04 13:26:07 ----D---- C:\windows\system32\CodeIntegrity
2011-02-04 13:26:06 ----D---- C:\windows\Microsoft.NET
2011-02-04 13:26:05 ----D---- C:\windows\inf
2011-02-04 13:26:03 ----D---- C:\Users\Sawyer\AppData\Roaming\QipGuard
2011-02-04 13:26:00 ----D---- C:\totalcmd
2011-02-04 13:25:59 ----D---- C:\Program Files\WinRAR
2011-02-04 13:25:58 ----D---- C:\Program Files\The KMPlayer
2011-02-04 13:25:56 ----D---- C:\Program Files\QIP 2010
2011-02-04 13:25:56 ----D---- C:\Program Files\Microsoft Silverlight
2011-02-04 13:25:55 ----D---- C:\Program Files\Guitar Pro 5
2011-02-04 13:25:52 ----D---- C:\Program Files\Bethesda Softworks
2011-02-04 13:25:50 ----D---- C:\Eagle-4.03e
2011-02-04 13:25:49 ----D---- C:\eagle+3D
2011-02-04 13:25:31 ----D---- C:\windows\registration
2011-02-04 13:25:22 ----D---- C:\windows\system32\catroot
2011-02-04 13:24:32 ----SD---- C:\Users\Sawyer\AppData\Roaming\Microsoft
2011-02-03 12:54:52 ----D---- C:\ProgramData\Trend Micro
2011-02-03 12:53:38 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-02-01 18:08:26 ----D---- C:\temp
2011-01-27 13:00:42 ----D---- C:\Program Files\Common Files\microsoft shared
2011-01-27 13:00:40 ----SD---- C:\ProgramData\Microsoft
2011-01-27 13:00:39 ----D---- C:\Program Files\Microsoft Office
2011-01-25 11:01:44 ----RSD---- C:\windows\assembly
2011-01-25 10:27:36 ----D---- C:\Program Files\EAGLE-4.03
2011-01-14 18:08:51 ----D---- C:\windows\system32\wdi
2011-01-13 22:43:53 ----D---- C:\ProgramData\NVIDIA
2011-01-12 23:04:50 ----D---- C:\Program Files\NVIDIA Corporation
2011-01-12 22:53:01 ----RSD---- C:\windows\Fonts
2011-01-12 21:24:27 ----D---- C:\Program Files\EeePC
2011-01-12 21:24:17 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-12 21:16:44 ----RD---- C:\Users
2011-01-12 08:04:36 ----D---- C:\windows\system32\cs-CZ
2011-01-12 07:58:07 ----D---- C:\windows\system32\en-US
2011-01-11 20:30:14 ----D---- C:\Users\Sawyer\AppData\Roaming\Adobe
2011-01-11 20:19:58 ----D---- C:\ProgramData\Adobe
2011-01-11 20:17:08 ----D---- C:\Program Files\Common Files\Adobe
2011-01-11 20:13:28 ----D---- C:\Program Files\Microsoft Games
2011-01-11 20:13:28 ----D---- C:\Program Files\DVD Maker
2011-01-11 20:13:17 ----D---- C:\windows\system32\pl-PL
2011-01-11 20:13:17 ----D---- C:\windows\security
2011-01-11 20:13:16 ----D---- C:\windows\system32\hu-HU
2011-01-11 20:13:14 ----D---- C:\windows\system32\drivers\UMDF
2011-01-11 20:13:13 ----D---- C:\windows\system32\sk-SK
2011-01-11 20:13:05 ----D---- C:\windows\PolicyDefinitions
2011-01-11 20:11:24 ----D---- C:\windows\system32\restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvpciflt;nvpciflt; C:\windows\system32\DRIVERS\nvpciflt.sys [2010-07-27 19656]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-06-19 173440]
R1 AsUpIO;AsUpIO; C:\windows\system32\drivers\AsUpIO.sys [2010-03-31 11520]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 ElbyCDIO;ElbyCDIO Driver; C:\windows\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 adfs;adfs; C:\windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl6.sys [2010-05-08 2710592]
R3 ETD;ELAN PS/2 Port Input Device; C:\windows\system32\DRIVERS\ETD.sys [2010-07-21 102912]
R3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2011-02-01 25280]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2010-08-24 3178472]
R3 kbfiltr;Keyboard Filter; C:\windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 13880]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x86.sys [2010-05-10 68208]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
R3 Sftfs;Sftfs; C:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 550760]
R3 Sftplay;Sftplay; C:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 195944]
R3 Sftredir;Sftredir; C:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 21864]
R3 Sftvol;Sftvol; C:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 19304]
R3 VClone;VClone; C:\windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\windows\system32\drivers\WmBEnum.sys [2010-04-27 22856]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\windows\system32\drivers\WmVirHid.sys [2010-04-27 15048]
R3 WmXlCore;Logitech Translation Layer Driver; C:\windows\system32\drivers\WmXlCore.sys [2010-04-27 66632]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athr.sys [2009-07-13 1096704]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BthEnum;Bluetooth Request Block Driver; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2010-06-24 393216]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2010-06-24 60416]
S3 btwampfl;Bluetooth AMP USB Filter; C:\windows\system32\drivers\btwampfl.sys [2010-05-21 293928]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-05-21 88104]
S3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\DRIVERS\btwavdt.sys [2010-05-21 111144]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2010-05-21 33320]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-05-21 18728]
S3 fssfltr;FssFltr; C:\windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2010-07-30 4806144]
S3 KMWDFILTERx86;HIDServiceDesc; C:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\windows\system32\drivers\WmFilter.sys [2010-04-27 37704]
S4 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2009-07-14 387584]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AsusService;Asus Launcher Service; C:\Windows\System32\AsusService.exe [2009-08-18 219136]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-05-21 652576]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2010-07-27 129640]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 20992]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 sftlist;Application Virtualization Client; C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-01-11 655624]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-01-13 1343400]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

#12 Příspěvek od **motji** » 05 úno 2011 12:36

spusťte přejmenované HJT C:\Program Files\trend micro\Sawyer.exe , má tuto ikonku

- Klikněte na "Do a system scan only"
- U řádku
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)

- Dejte fajfku do čtverečku a zmáčkněte Fix checked

Otevřete si Poznámkový blok a zkopírujte do něj text

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CapsHook]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyMon]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyService]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperHybridEngine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-

-uložte jako (typ: všechny soubory) kde za název souboru zadáte "smazani.reg" bez uvozovek,
klikněte na uložit, pak na soubor standardně 2X klikněte a potvrďte dialogové okno.

Pokud nejsou problémy, je to vše

. Kdyby se Vám něco nezdálo, hned se ukažte

VIRY.CZ

Vir win32:jeefo

Vir win32:jeefo

Re: Vir win32:jeefo

Re: Vir win32:jeefo

Re: Vir win32:jeefo

Re: Vir win32:jeefo

Re: Vir win32:jeefo

Re: Vir win32:jeefo

Re: Vir win32:jeefo

Re: Vir win32:jeefo

Re: Vir win32:jeefo

Re: Vir win32:jeefo

Re: Vir win32:jeefo